MSPs need to be prepared for summer disasters

We have reached the middle of August and are on the cusp of peak hurricane season. But we don’t need a disastrous hurricane to hit the United States for cybercriminals to stalk their victims. The U.S. has already had its share of disasters in 2023.

Beware of modern-day looting

The unprecedented destruction caused by wildfires in Maui and the arrival of hurricane season in the United States is prompting some experts to urge Americans to be on alert for increased cybercriminal activity. “Criminals have capitalized on tragedy since the beginning of time. Looting, for instance, often happens after a disaster, and cybercrime can be considered modern-day looting,” says Kyle Spencer, a cybersecurity and disaster consultant in Atlanta, GA.

Local authorities have reported that there have been fake Maui relief effort emails circulating through the U.S. with links that can deliver a nasty payload if downloaded. “While it may not seem this way sometimes, human nature is wired for kindness, and cybercriminals will exploit that; who wouldn’t want to help people who have lost everything to a natural disaster?” Spencer asks.

MSPs are well-positioned to shore up defenses

He also notes that managed service providers (MSPs) have a role to play as emotional traffic cops. “Humans are emotional and will fall prey to a natural disaster-related scam easier than others. An MSP using its array of tools can ensure defenses are beefed up, certain keywords are monitored or blocked, and user training is up to date.”

Spencer points to these as the top threats following a disaster:

Phishing attacks: Cybercriminals send emails or text messages that appear to be from a legitimate source, such as a government agency or relief organization. These messages may contain links or attachments that, when clicked, install malware on the victim’s computer. “This is the gold standard for a hacker,” says Spencer.

Recently, an accounting firm in Honolulu received several emails in employee inboxes purporting to be from a Hawaiian relief organization helping Maui fire victims. People wanted to help, and the accounting firm’s system had been compromised within an hour.

Taking advantage of system vulnerabilities: Natural disasters can create vulnerabilities that cybercriminals can exploit. For example, attackers can gain unauthorized access to systems if a power outage disrupts network connections. “This is especially true when a hurricane comes through and wipes out large swaths of infrastructure,” Spencer warns.

Using social media: Cybercriminals can use social media to spread misinformation and propaganda or to target victims with phishing attacks. They may also use social media to track the movements of relief workers and other first responders and target them in their attacks.

“Look for emails from the Red Cross and Mennonite Disaster Relief service as being ones to keep an extra close eye on; criminals use those well-known names to hide behind,” Spencer advises.

Why is social engineering so effective after disasters?

“This is where a psychologist might be a better person to talk to than an IT person, but people feel stressed, anxious, and overwhelmed. After a disaster, there is a state of heightened emotion. This can make them more likely to be taken in by a scam or phishing email that plays on these emotions,” Spencer explains, adding that this is difficult to combat with traditional firewalls or software.

“This is a human problem, and it takes user training and education to have the best shot.” He also adds that cybercriminals are preying on people’s desire to help.

“They are looking for information and assistance. After a disaster, people are often looking for information about what to do next or how to get help. This makes them more likely to click on a link or open an attachment in an email that promises to provide this information.” Spencer also warns that savvy cybercriminals can prey on distrust to do their deeds.

“After a disaster, people may distrust others, including those trying to help them. This can make them more likely to question the authenticity of an email. Still, it can also make them more likely to fall for a scam that preys on their distrust,” Spencer says, such as an email from an organization purporting to be an “official” one.

And there is also just the “fog of war” mentality that settles on people who have gone through a disaster. “There’s just been a huge disaster, a bunch of damage and fatalities, people aren’t necessarily thinking or caring about what happens if they click a link,” Spencer says, “and cybercriminals know this.”

Offer a solution

In addition to user training, Spencer says that through inter-office email or some other secure company-approved method, companies could circulate a pre-approved list of charities and organizations with links and directions on how to help. “This is a proactive way not only to help people help others but also essentially blunt an attack from a cybercriminal.

Photo: Ryan DeBerardinis / Shutterstock

This post originally appeared on Smarter MSP.