Beware: Walking Dead Phishing Schemes and Malware

This post is meant to inform people that Walking Dead phishing schemes and hoaxes, along with associated malware, will appear in the coming days. These are from my own perspective. While I make every effort to be thorough and hit every aspect, there are times that I inadvertently omit things or skip them due to scope, time, length or applicability. Email any questions you have about this or any other topic to blog@advancedpersistentsecurity.net

This is a growing trend: every time a major pop culture event occurs, fraudsters and other schemers take to the internet to deceive. Tonight’s Season 7 premiere of AMC’s The Walking Dead is no different.

My Analysis

I have not noticed anything phishy yet talking about who met Lucille (Negan’s baseball bat covered in barbed wire), but I assure you – they are coming. This will be akin to Prince’s death, the (upcoming) election, and Hurricane Matthew (pathetic – I know). The posts and emails will target two groups of people: the super fans that cannot get enough of The Walking Dead and those who click only for the pop culture reference or to jump on the proverbial bandwagon.

Expect something to this tune:

[Image: The Walking Dead]

This capitalizes on the levers of successful social engineering attacks: urgency, status quo, fitting in, and suspense. While the victim may find out who (if anyone) was killed on the show, they may get more than they bargained for. Read my advice below for some tips to stay secure.

Advice

My advice for staying secure during these periods that are ripe for major hoaxes is to follow these tidbits of wisdom:

  • If it seems too good to be true – it probably is.
  • If it claims to give inside information or spoilers ahead of time – it will probably spoil your system (with malware).
  • Only view reputable sites and social media for such news. If for a TV show like The Walking Dead, check AMC (or the appropriate network).
  • When clicking links on social media platforms, hover over the link and observe the website that it’s sending you to.
  • If the website is a shortened or obscure URL like bit.ly (nothing against them, but this is a popular attack method), right-click, choose “Copy Link Address”, go to VirusTotal (a Google project), select URL, paste it and click “Scan It!”
    • This will tell you if the URL is known to be malicious. Just because it says no does not mean that the site is safe; it may simply not have been reported enough yet.
    • You can also use this site to upload software and check it for malware as well.
  • Ask someone like me or another information security professional.
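As an added illustration (not code from the original post), here is a small Python helper that automates two of the checks above: it extracts every link from a post, flags links that route through a known shortener such as bit.ly, and flags anchors whose visible text names one domain while the underlying href (what hovering reveals) points somewhere else. The sample HTML and the shortener list are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed list of common shorteners; bit.ly is the one the post names.
SHORTENERS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com", "ow.ly"}

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags, i.e. what hovering reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _registered_domain(host):
    # Crude last-two-labels rule ("www.amc.com" -> "amc.com"); enough for the demo.
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def check_links(html):
    """Return (href, text, reasons) for each link that deserves a second look."""
    p = _LinkCollector()
    p.feed(html)
    findings = []
    for href, text in p.links:
        reasons, host = [], urlparse(href).hostname or ""
        if _registered_domain(host) in SHORTENERS:
            reasons.append("shortened URL: expand or scan it before visiting")
        m = re.search(r"([\w-]+(?:\.[\w-]+)*\.[a-z]{2,})", text, re.I)
        if m and _registered_domain(m.group(1)) != _registered_domain(host):
            reasons.append(f"text shows {m.group(1)} but link goes to {host}")
        if reasons:
            findings.append((href, text, reasons))
    return findings

# Constructed sample of what a lure post might look like.
SAMPLE = (
    '<p>OMG who died?! <a href="http://bit.ly/xyz123">SPOILERS HERE</a></p>'
    '<p>Official: <a href="http://evil.example/amc">www.amc.com/walking-dead</a></p>'
    '<p>Fine: <a href="https://www.amc.com/shows/the-walking-dead">amc.com</a></p>'
)
```

Running `check_links(SAMPLE)` reports the bit.ly link and the mismatched amc.com link, and leaves the genuine AMC link alone.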

How attackers can streamline this for your area

Simply using hashtags associated with The Walking Dead or TWD would be a “spray and pray” approach. Alternatively, they can use Justin Nordine’s OSINT (Open Source Intelligence) Framework. This allows various attack methods, but for this, I would point to Social Networks > Twitter > Location / Mapping > GeoChirp or MIT Map. These let me look at maps of areas and see what is trending on Twitter in near real time, provided the person tweeting has location services on.

Alternatively, I can take a page out of Justin Seitz’s book and write a Python script that interacts with the Twitter API (Application Programming Interface) and looks at tweets within a certain context, such as a hashtag, user, or geographic area. This could also be used to build tweets and poison the well, so to speak. For this, I can integrate with other tools like the OSINT Framework or the Social-Engineer Toolkit to build a good phish, back story, or pretext for the attack.


Announcements

O’Reilly Media is launching their inaugural Security conference in New York (Oct 31- Nov 2), with their first European event shortly after in Amsterdam (9-11 Nov), to provide infosec practitioners with pragmatic tools, techniques, and know-how for building better defenses.
Register today and save 20% (on Gold, Silver & Bronze passes) with discount code APS20. Plus, take advantage of the Buy One, Get One offer for the O’Reilly Security Conference. Simply purchase a pass and then request a unique code to get a free pass for a colleague. Learn more at oreillysecuritycon.com


About Joe Gray

Joe Gray is a native of East Tennessee. He joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Since leaving the Navy, Joe has lived and worked in St. Louis, MO, Richmond, VA, and Atlanta, GA. His primary experience is in the Information Assurance (IA) and Cyber Security compliance field. He has worked as a Systems Engineer, Information Systems Auditor, Senior UNIX Administrator, Information Systems Security Officer, and Director of IT Security. Joe is in pursuit of his PhD in Information Technology (with focus in Information Assurance and Security). His undergraduate and graduate degrees are also in Information Technology (with focus in Information Assurance and Security) from Capella University, where he graduated Summa Cum Laude for both degrees and completed a Graduate Certificate in Business Intelligence. He also is a part-time (Adjunct) Faculty at Georgia Gwinnett College. Joe holds the (ISC)² CISSP-ISSMP, GIAC GSNA, CompTIA Security+, CompTIA Network+, and CompTIA A+ certifications. In his spare time, Joe enjoys reading news relevant to information security, blogging, bass fishing, and flying his drone in addition to tinkering with and testing scripts in R and Python.