SIMON BROWN: I’m chatting with David Emm, senior security researcher at Kaspersky. David, I appreciate the time. We see an increase in cyber threats. They came out with a report for Q2 and in Africa – South Africa, Kenya, Nigeria – we see that up. Mostly phishing attacks. This isn’t like the old days in the movies where a kid in front of a computer screen was trying to hack the password. This is social engineering and makes us want to be the weak link.
DAVID EMM: Yes absolutely. This is pretty organized stuff. And indeed, we’ve seen an increase in financial phishing in general around the world. It kinda goes up and down [having] fluctuated in the last six or seven years. But we’ve really seen an increase from 2021 and 2022 in general.
But you’re right, it’s not an opportunistic thing. It’s getting more and more targeted. So people organize that and they try to push the buttons that they know people are likely to react to, in terms of the topics they choose and so on.
SIMON BROWN: I get them for me. There are two that I get a lot from. One is supposedly from my crypto exchange, the other is that a package is stuck in customs and I have to pay a small amount. They come to me via text message. I have [a friend] who fell for the package. She wasn’t expecting a package, but it was the excitement. You pull on those emotions. The crypto says you will lose your bitcoin.
DAVID EMM: Exactly. Let’s face it, in the cold light of day, few of us would actually reply to those phishing emails or phishing text messages or social media messages — but it’s never in the cold light of day. They always try to get us to react emotionally rather than rationally.
One thing that certainly happened – you mentioned the delivery items – [is that] of course, with the pandemic, so many of us who are working from home have been relying on these shipments and therefore expected to receive news of these shipments, and it’s actually not that “out of the blue”. They’ve capitalized on it, with really every aspect of this pandemic that they’ve tried to somehow attach themselves to.
SIMON BROWN: Are we seeing an increasing use of this personal phishing, this social engineering, to infiltrate institutions? Of course you can attack me and you can get my bitcoin, you can get my credit card. It’s nice, but if you can get into an online retailer, financial institution, there’s a much bigger treasure trove.
DAVID EMM: Yes, that is absolutely correct. We’ve seen this kind of shift toward a greater focus on companies than individuals. However, we’re still talking about a 60/40 split – so 60% of that is targeting consumers, almost 40% targeting businesses. But from an attacker’s perspective, it’s clear that, as you said, if you’re targeting an organization, there are richer prey, and indeed we’re seeing the same kind of trajectory with ransomware.
A few years ago this would have been given out randomly to everyone. Of course it’s nice when you can get $300 from a lot of different people, but if you can get a million or tens or hundreds of thousands of it when you cater to an institution, then it’s a lot more lucrative.
Same goes for the phishing stuff. If you can somehow gain access to an organization, gain access to credentials that will allow you to join that organization and ideally access their money, then it will be far more lucrative than just chasing you or me.
SIMON BROWN: You mentioned ransomware. It’s faded. I remember one of them, and I forgot their name, but they had a website, they had a support center to help you decrypt your hard drive to get bitcoin. Again, these aren’t just any screenwriting kiddies sitting in their mother’s basement. Some of these are semi-organizations.
DAVID EMM: Yes, absolutely. And in terms of ransomware types, some of them make millions. So no, absolutely. This is serious business, hence the type of movement to target organizations; it’s kind of a reverse scale, because while there’s richer choice on the one hand, you need to be more organized on the other. It’s not that easy to do.
But whether it’s you or me, or the organization we work for, the human being is usually the first port of call, and getting you or me to do something gives them the first grip. The human aspect of security is still a central element.
SIMON BROWN: Again, because it was that human element, back then – I’m thinking the nineties, the early two thousands – it was the love letter bug and stuff. My software on my computer, my antivirus software, would pick it up and raise a big alarm with me. The antivirus software won’t necessarily help. This is about education, awareness, just being technologically smart, especially for organizations, but also for individuals.
DAVID EMM: Absolutely. Our antivirus programs are great and will increasingly catch known phishing URLs and the like. Nevertheless, there is always the possibility of entering via humans.
It has to be said that not everything has to do with malware, with malicious software. You could just look at text; there’s always a chance something can slip through the filters, and as such, our response to something like this may be under the radar to some degree. So that’s really critical, whether it’s the more opportunistic crime to the sophisticated, targeted, advanced, persistent threats that we’re seeing.
Still, the starting point for many of these threats, one thing they have in common, is that they track this type of human aspect and try to trick us into doing something that compromises security.
SIMON BROWN: And it’s always changing. I mentioned the SMS I get; it was ransomware at a level. I remember a few years ago it was a phone call from a call center telling me I had a windows virus. I’m on a Mac. It’s always been a scam for me, but it’s this evolution.
DAVID EMM: It definitely is. One of the great things from the criminals’ perspective during the pandemic was that it was kind of a “gift [that keeps] on giving”. Usually, with the issues they rely on, they’re kind of here today and gone tomorrow. It could be the World Cup, it could be a natural disaster, it could be geopolitical concerns, it could be Valentine’s Day, it could be Black Friday – but they’re here today and gone tomorrow.
[But] With the pandemic, we had so many different aspects to it. You know, we had the issue of government programs to help people. We had the tax aspect, the health aspect and delivery companies. Around every corner there was a new aspect to latch on to. And of course, when we all started working from home, that also got in their sights, because here was another aspect – that we weren’t necessarily as protected as we would have been within the division.
SIMON BROWN: One quick last question. We make it sound like a horror show out there – and in a way it is, in a way it isn’t. Do the authorities have much success in catching people, in tracking them down? If I remember correctly, some of the ransomware people were based in Russia. You may know who they were, but how did you come across them?
DAVID EMM: That definitely makes it difficult. This world is a connected place for the criminals. It’s a single unit. Obviously, on a human level, we have to deal with geopolitical and cultural and other kinds of differences. They have some successes, no question.
But rather than looking at it as a horror show, I think people should think about how these guys are doing it so we can actually take steps to deal with it. We touched a few times [this being] about education. Raising our awareness of the approaches they are taking is really, really important. Obviously, companies will try to put protections in place, rely on threat intelligence from companies like Kaspersky or whatever, and do the updates in a timely manner, but raising people’s awareness so they become less vulnerable to these approaches is really vital.
SIMON BROWN: Yes, it is vital. I take your point. It sounds scary, but I think a lot of people are smart. And I think we get smarter every time we get that text message or that email — and we’re like, no, I’ve seen that before.
We leave it there. David Emm, senior security researcher at Kaspersky, I really appreciate today.
Listen to the full MoneywebNOW podcast every weekday morning here.