Friday 11th February 2022

BLOG: Threat Actors – Every Day Is Valentine’s Day

Threat actors will always find ways to exploit occasions to launch their attacks, whether through zero-day vulnerabilities or days like Valentine’s Day. Last year, cybersecurity professionals discovered that over 400 Valentine’s Day-themed phishing campaigns were active every week in January 2021. The most common fraud aimed at Valentine’s Day is the imposter site. Last year we discussed the incident in which Pandora became the target of an online phishing scam, when people were sent emails by a fake website trying to copy the jewellery brand.

The fake website showed Pandora products at excessively low prices in the week leading up to Valentine’s Day. This is unsurprising, as the huge sales around Valentine’s Day make it a perfect target.

This year the FBI notified the public about costly Valentine’s Day texts. In 2020, romance and confidence scams ranked in the top 10 complaints recorded by the FBI’s Internet Crime Complaint Centre (IC3), with 23,751 recorded victims. Victim losses for romance scams exceeded $600 million/£442 million, second only to Business Email Compromise/Email Account Compromise.

Business Email Compromise scams are typically emails that appear to have been sent by someone working within the same organisation as the intended target. Where Valentine’s Day is involved, the threat actor may pose as the target’s love interest and ask them to send money.

Valentine’s Day cybercrime is not a recent phenomenon. One of the biggest cyber-attacks in history, the “ILOVEYOU” malware, occurred in 2000. The malware hid as an attachment in an email with the subject line ILOVEYOU. Once targets opened the attached “love note,” the malware would spread through the target’s computer, rewriting sensitive files and infecting the victim’s contacts. The ‘Love Bug’ is notorious as one of the most destructive cyberattacks in history, causing billions’ worth of damage. This is another example of how threat actor tactics will continue to develop.

In 2007, cybersecurity professionals were warning users about a widespread worm posing as a Valentine’s Day greeting that was spreading quickly. The worm reportedly accounted for 76.4% of all malware sighted at Sophos’ global network of virus monitoring stations. The email subject lines used in the attack all posed as romantic messages, such as “A Valentine Love Song,” “Be My Valentine,” and similar titles. The dangerous worm was encrypted in files attached to the e-mail. Cybersecurity researchers said the worm was designed to download a Trojan that was installed on the infected computer, leaving it open to remote control by threat actors.

Malware is not the only tactic that threat actors use. Data breaches involving dating platforms are highly sought after by threat actors because of the personal information they contain. One of the most well-known breaches was the 2015 data leak at the illicit dating service Ashley Madison, in which cybercriminals managed to steal the private information of more than 32 million users, along with credit card data, and release it on the dark web.

The Ashley Madison data breach is one of the most recognised data breaches in the dating technology field. Many other dating technology networks have experienced similar breaches. Researchers showed that the dating app Bumble had a software vulnerability in its API that left the personal data of more than 100 million users vulnerable.

Bumble stated that no user data was compromised, but such a breach left the personal data of its users vulnerable to malicious threat actors. This data could easily be used to commit fraud, create profiles, or potentially demand ransom payments from other users or on other social media networking sites. Compromised data like this can easily be sold on the dark web, and cybercriminal forums and marketplaces have featured several listings about dating services.

Email is another means by which threat actors execute their malicious plans. In 2019, the infamous ransomware group GandCrab spread via emails with malicious attachments – one of its most popular vectors. Researchers identified emails delivering the same version of GandCrab with different subject lines related to romance: “This is my love letter to you,” for example, or “Wrote my thoughts down about you.” Attached was a zip file with a name similar to Love_You_2018, plus a few random digits.

Executing the file downloads and launches the ransomware. After this, targeted victims receive a note with a link; if clicked, it asks the user to authenticate by uploading a file created by the malware. Submitting the file brings victims to a page where attackers demand a ransom in exchange for their files’ safe return. This campaign demands $2,500/£1,842 per victim within seven days of the attack.
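The lure traits described above (a romance-themed subject line together with a Love_You_2018-style zip attachment) can be turned into a simple mail-triage check. The following is an added example, not code from this blog or from Orpheus; the function names, verdict labels, sample messages and the exact filename pattern are assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Subject phrases quoted in the article; matching is case-insensitive.
LURE_SUBJECTS = ("this is my love letter to you",
                 "wrote my thoughts down about you")
# Assumption: "Love_You_2018 plus a few random digits" is read loosely as
# Love_You_<4-digit year> followed by digits or separators, ending in .zip.
LURE_ZIP = re.compile(r"^love_you_\d{4}[\d_\-]*\.zip$", re.IGNORECASE)


def triage(raw):
    """Report which of the article's lure traits a raw message shows."""
    msg = message_from_string(raw, policy=policy.default)
    # Collapse whitespace so folded or padded subjects still match.
    subject = " ".join(str(msg.get("Subject") or "").lower().split())
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    subject_hit = any(s in subject for s in LURE_SUBJECTS)
    zip_hits = [n for n in names if LURE_ZIP.match(n.strip())]
    # Both traits together: quarantine. One alone: send to analyst review.
    if subject_hit and zip_hits:
        verdict = "quarantine"
    elif subject_hit or zip_hits:
        verdict = "review"
    else:
        verdict = "pass"
    return {"verdict": verdict, "subject_hit": subject_hit,
            "zip_hits": zip_hits}


def build_sample(subject, filename=None):
    """Construct a sample message (test data with harmless placeholder bytes)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", subject
    m.set_content("constructed sample body")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="zip", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    for subj, name in [("This is my love letter to you", "Love_You_2018_4421.zip"),
                       ("Wrote my thoughts down about you", None),
                       ("Q1 invoice", "report.zip")]:
        print(subj, "->", triage(build_sample(subj, name))["verdict"])
```

A subject or filename match alone is weak evidence, which is why only the combination is quarantined and single hits go to review.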

Organisations and individuals must stay vigilant and aware of the cybercrime they may be susceptible to. To understand how the Orpheus Cyber threat-led platform can mitigate your risks and more, click here.
