How cyber attackers used the Bond movie ‘No Time to Die’ to exploit fans
Spam and phishing attacks soared in 2021 as cybercriminals lured users with topics such as lucrative investments, online streaming of box office hits, including the James Bond movie No Time to Die, and pandemic-related themes, according to Kaspersky’s latest annual report.
The risk of cyberattacks has risen sharply as digital adoption has increased, with fraudsters impersonating reputable individuals and entities, the Moscow-based cybersecurity firm said.
“The equation here is very simple: the more things connected to the Internet, the greater the possibilities for exploitation and the greater the attack surface,” Amir Kanaan, general manager for the Middle East, Turkey and Africa at Kaspersky, told The National.
“As we continue to push the boundaries of what technology can do, cybersecurity should always be a top priority for innovators and stay on top of any new technology. However, most of the time it is neglected.”
The average financial impact of a ransomware attack in the Middle East, Turkey and Africa reached around $882,000 in 2021, Kanaan said.
Spam emails are unsolicited messages sent in bulk that potentially contain malicious content, while phishing involves fake emails that appear to come from a trusted source with the aim of securing personal information, such as passwords and credit card numbers.
The share of spam in global traffic averaged 45.6% in 2021, peaking at 48% in June. Although this is down from the 50.4% average in 2020, it is still significant.
The majority of spam in 2021 came from Russia (24.77%), followed by Germany (14.12%), the United States (10.46%), China (8.73%) and the Netherlands (4.75%), according to Kaspersky. Rates increased in all countries except the United States, which remained stable.
In 2021, more than 148 million malicious attachments were blocked by Kaspersky technology, compared to 184 million in 2020. October saw the highest number of attacks blocked, accounting for around 10%, or 15 million, of the 2021 total.
Here are the top three strategies used by cybercriminals in 2021 to trick people into disclosing their information:
Investments without return
As interest in investing gained momentum in 2021, cybercriminals took advantage of it to defraud vulnerable users and steal money, including by posing as popular companies or businessmen.
In Russia, for example, scammers posed as Tesla CEO Elon Musk and energy giant Gazprom Neft to attract attention and gain people’s trust for their “investment projects”. In some cases, they would invite a “client” for a consultation with a “specialist” to try to establish their legitimacy.
The result was the same: the investor would receive nothing in return for handing over his money to the scammers.
Stream the wrong series
With the easing of pandemic restrictions in 2021, the entertainment industry made a comeback, with movie studios, and cybercriminals, aiming to cash in on popular films.
Fraudsters lured users by claiming to stream some of the biggest box office releases and sporting events of the year.
They used different strategies to gain victims’ trust, such as using official advertisements and providing a synopsis of the movie on an illicit website, Kaspersky said.
In September, Kaspersky reported that hackers exploited the buzz surrounding the James Bond film No Time to Die by delivering malicious ads, pop-ups and phishing websites that promised free access to the movie.
In December, it also sounded the alarm over the hype surrounding the release of Marvel’s Spider-Man: No Way Home, warning that cybercriminals were using the same tactic to spread malware and steal credit card information.
“Widely discussed topics like money, movie premieres and world events, like the pandemic, have always been ‘bread and butter’ for scammers. We keep seeing it come back year after year,” Tatyana Sherbakova, security expert at Kaspersky, said in the report.
Talking about the virus
Cybercriminals did their best to take advantage of the pandemic and continued to send messages about compensation and subsidies related to easing the burden of the global economic downturn.
The emails referred to laws and named government organizations to appear more convincing. To receive compensation, recipients were asked to pay a small fee to cover the cost of the transfer, which involved providing bank card details that the crooks would then obtain.
The sale of fake Covid-19 vaccination passes and QR codes was another source of revenue for cybercriminals, highlighting how quickly they could produce fake documents. Buyers were required to reveal sensitive personal information to the “resellers” of the certificates to complete the transaction.
“These scams are proving very effective because people continue to over-trust what they see in their inboxes and browsers,” Ms Sherbakova said.
Updated: February 19, 2022, 4:30 a.m.