I have been thinking about what happens to the issues of online safety when the economy is plagued by a recession. The following is my reasoning on the type of online safety issues one can expect in a recession.
As it is abundantly obvious, we are in a recession. A recession brings with it job cuts, bankruptcies, tax cuts, government spending programs, stimulus payments and extremely potent investing opportunities with guaranteed returns.
The malware economy is comprised of several attack vectors including spam, phish, malware, bots and root kits. The malware economy works in the following ways:
1. Attacks aimed at selling goods through unsolicited mail.
2. Attacks aimed at stealing personal information or information that can be used to access personal finances.
3. Attacks aimed at utilizing computer and network resources to mount other attacks.
The success of malware attacks is based on their ability of the attack front (the part of the attack that a user can see) to attract, entice or mislead a user into an action.
A spam mail will attempt to play on a user’s needs or wants in order to push the user into following the spam mail to where the attack can be completed.
A phish attack entices a user into clicking on a URL that takes them to an illegal website that looks and feels like a legitimate website. The user is then misled into entering personal information or downloading an exe that once installed, begins harvesting the user’s personal information, address book etc to launch further attacks.
A malware attack begins with misleading a user into downloading a malicious exe. This is achieved by either making the user browse to a malicious website, or disguise the malicious executable as an inconspicuous file such as a word document or a pdf document. The downloaded malicious exe can then relinquish control of the PC it is installed on to a remote attacker.
So far, we know that the malware economy works by being extremely good at attracting a user, enticing them or misleading them.
The next question thus becomes: What would the malware economy do to thrive in a recession.
The answer, in my opinion, is that the malware economy will improvise attack fronts that play on the recession and its effects. Attacks will probably use the idea of job cuts, unemployment benefits, free money from government programs, stimulus payments etc. Unsuspecting users will be misled into thinking that the attack fronts are legitimate.
There are already email scams out there that contain notifications of tax refunds that ask users to go to a phishing website that is posing as the IRS. This site will collect any information the user enters and use that information to carry out further attacks.
How does one protect oneself in such times? I, for one, am treating such communication (email, websites, documents from un trusted sources, downloadable EXEs) with extreme caution. What is the attack front? What does it look like? What “idea” is it selling? Is the attack front opportune?
What do you think about the above reasoning? Do you have any other ideas or counterarguments? Please let me know!!
