WWW.FORBES.COM
Now Hackers Are Using Snail Mail In Cyber AttacksHeres How
Hackers have turned to snail mail as a malware distribution method.gettyUpdate, Nov. 19, 2024: This story, originally published Nov. 18 now includes new advice from security professionals relating to the use of QR codes in cyber attacks.In what I can only describe as a first in my decades of real-world experience covering cyber attacks of all shapes and sizes, cyber criminals have turned to decidedly old technology to distribute malware according to this new warning from the Swiss National Cyber Security Centre: snail mail. Yes, you read that right. It appears that good old-fashioned paper letters posted in envelopes with stamps on them, are being used as the starting point in a bunch of new phishing cyber attacks. Heres what we know.Hackers Are Using Printed QR Codes Sent By Snail Mail In Latest Swiss Cyber AttacksAs first reported by The Register, the Swiss National Cyber Security Center has issued a warning to citizens of Switzerland after cyber attacks employing the physical postal service were uncovered. The letters, posted using what we used to call snail mail in the early days of email, purport to have been sent by MeteoSwiss, the Swiss Federal Office of Meteorology and Climatology. The letters are, of course, fake. However, the QR code that is printed on them with so-called advice to download a severe weather warning app, is very real indeed. As is the threat posed to anyone who should do so.The app itself is designed to look similar to the genuine Alertswiss app that comes from the Swiss Federal Office for Civil Protection. However, rather than alert the user to danger, the app is the danger in and of itself. The QR code, if scanned using the recipients smartphone, will download malware by the name of Coper, also known as Octo2. Once installed, this will attempt to steal sensitive data from apps already loaded on the device, including banking apps, the Swiss NCSC said.QR Code Postal Cyber Attacks Look To Exploit Lack Of Ingrained SuspicionDelivering QR code letters physically via Switzerlands postal service is an effective way for criminals to catch out unsuspecting victims, Mike Britton, chief information officer at Abnormal Security, said, by pretending to be a trusted source, threat actors are banking on the lack of caution that recipients may have.MORE FOR YOUAccording to Britton, as a relatively new attack vector these kind of QR code scams simply dont have the kind of ingrained suspicion that people might increasingly apply to other, more traditional, phishing techniques.Just as weve seen in the UK with a recent Winter fuel payments scam, attackers are seeing success in imitating trusted sources in a timely manner, Britton warned, unlike on the web where you can use automated solutions to catch out phishing attempts, these attacks will be solely down to the individual to catch out.Snail Mail Cyber Attacks Only Target Android UsersThe good news is that these cyber attacks are only targeting people and businesses within Switzerland. The better news, for Swiss iPhone users at least, is that they are also only targeting Android smartphone users.The Swiss NCSC advised that anyone who has received such a letter from these new cyber attacks and already downloaded the app should reset their device to factory settings to remove all trace of it.I can only assume that, if these cyber attacks have been successful enough, other threat actors in other countries will try to repeat them. In which case, the advice to ignore such letters and only download apps from official app stores applies to everyone reading this.
0 Comentários 0 Compartilhamentos 36 Visualizações