As we now approach the final week going into Christmas and these last few days of shopping, people are scurrying around to find those last-minute  gifts for friends and family.  But as I have written before, also be on extra guard: This is the time when the Cyber attacker comes out and tries to ensnare in any way possible to get to your Personal Identification Information (PII). 

If you want to know of the top ways to protect yourself in this instance, conducting a simple Google search will reveal a plethora of information that you can readily use.

But another sort of unusual trend is also happening:  Cyber attackers trying to cause mass confusion on Critical Infrastructure points here in the United States.  This was the case late last week. 

Apparently, a large number of number of businesses, educational institutions, and government agencies as well as individuals across the United States and even in New Zealand and Canada received bomb threats. 

These threats were delivered via emails which caused nationwide havoc and chaos, which forced widespread evacuations by law enforcement officials across all levels. Supposedly, these emails were launched by low level spammers, threatening people that someone has planted bombs within their building would go off unless money was paid to them by the end of the business day.

But the payment demand was no ordinary one – they wanted to be paid at least $20,000 not in cash, but by Bitcoin. 

One of the E-Mail messages read as follows:

“I write to inform you that my man has carried the bomb (Tetryl) into the building where your business is located.

It was assembled according to my instructions. It can be hidden anywhere because of its small size, it cannot damage the supporting building structures, but there will be many victims in case of its explosion.

You must pay me by the end of the working day, and if you are late with the transaction the bomb will explode.

This is just a business, if I do not see the bitcoins and a bomb detonates, other companies will transfer me more money, because it isn’t a single case.”

(SOURCE:  https://thehackernews.com/2018/12/bomb-email-hoax-bitcoin.html)

After all of this was reported to law enforcement across all of the major cities that were impacted by this E-Mail, all of the buildings were immediately evacuated, and an exhaustive search was conducted in each of them.  Luckily, no bombs were ever found.

But even after a quick review of the above E-Mail message, Cybersecurity researchers quickly realized that the whole thing was just one massive hoax, in an attempt to cause mass hysteria and confusion.  For example, the language of the content itself.  Just the way it was written, and the poor grammar as well as sentence syntax is immediately indicative of a spoofed E-Mail.

Eventually, both Cybersecurity researchers and law enforcement strongly believe that the group that launched this Cyberattack were the same ones that were behind another “sextortion” campaign that was launched earlier this year as well.  There are many similarities between these two attacks, which are as follows:

*The use of the same subject headers such as: “You’re my victim” and “You’re life in my hands”;

*The content of the E-Mail messages that were sent between the two Cyberattacks are almost identical;

*The IP Addresses for the bomb that E-Mails were the same that were used for the “sextortion” campaign;

*There were 17 Bitcoin Addresses that were used in the recent E-Mail Cyberattack.  Of these, only two o them had positive bank balances, in the amount of less than $1.00;

*In both attacks, Cybersecurity researchers firmly believe that the IP Addresses came from a hosting/registrar-based Internet company with the domain of “reg.ru”.  This has led to the belief that the websites that were hosted on this company were compromised for the PII which was used to launch the E-Mail Cyberattacks.

In the end, it was concluded that this specific Cyberattack was just a very amateur attempt in getting public notoriety, and extortion.  Cybersecurity researchers also believe that it was very poorly planned and executed, given all of the telltale pieces of evidence that have been left behind, with the ultimate goal of making a quick buck.

The FBI has also launched their own investigation into this as well.

My thoughts on this?

Yes, this may have been an amateurish attempt, but look at the results it has yielded.  It caused mass confusion and fear with the public located at Critical Infrastructure points.  My prediction (along with many others) is that we will start to see many of these kinds of Cyberattacks starting next year.  It has always been predicted that Critical Infrastructure will soon be a major point of impact, and this only be the start.

But my predictions are a bit direr than that.  For example, this same group that just launched this recent Cyberattack could team up with a much more sophisticated one.  As they launch this novice style of attack, the more sophisticated group could come in and launch much more devastating Cyberattacks while everybody’s guard is down because of the sheer panic from the first wave of attacks. 

For instance, real Critical Infrastructure points could be impacted, as well as Digital Assets from the IT Infrastructures of major cities, while the public is still recovering from the state of shock of the first attack wave.  But it is also important to keep in mind that with any sort of sophisticated form of Cyberattack, the hacker is going to take their own time to research their targets.  They won’t be in any rush to execute a Cyberattack, because they want to find ways in which they can stay in the target zone for an extended period of time, going unnoticed.

In other words, the days of when the Cyber attacker would come all out and get everything, they can in the first attempt are fast dissipating.  This is what makes it that much more difficult for businesses and corporations to detect any Cyberthreats that are looming on the horizon.  But of course, there are much more advanced tools that are coming out in this regard, such as the use of Machine Learning (ML) and Artificial Intelligence (AI).

But, another prediction of mine is also that the days of when the Cyberattacker simply goes after passwords and credit card numbers are also disappearing fast.  Rather, their goal now is cause real physical harm to innocent people, and perhaps even cripple an entire city and hold it hostage, much like a Ransomware attack. 

But rather than hitting computers and servers, it will be physical objects that we touch and feel with on a daily basis that will be the primary target.

The year 2019 for sure will be an interesting one to see how the Cyberthreat landscape unfolds.  But believe, it won’t be a pretty picture.