Protests in support of the #BlackLivesMatter movement across the US were harmed by DDoS attacks and Malspam Emails attacks these past days.

This is not the first time cybercriminals look at popular movements, political happenings, or sporting events (Super Bowl, World Cup) for a quick payday. 

… In all probability, the attacks to the Black Lives Matter movement won’t be the last time such things happen either.

DDoS attacks against #BlackLivesMatter sympathizers

Organizations advocating for racial justice and civil liberties are increasingly coming under cyber-attacks by unknown groups of trolls, cybercriminals, and other threat actors.

Cloudflare’s network protection service, for instance, recorded an astonishing 1120 times increase in cyberattacks on advocacy groups.  

The firm detected malicious HTTP requests in May and April (that they immediately blocked). It went from 116.3 billion on April 25 to over 135.5 billion a month later (May 30/31)

Mentioned “requests” refer to distributed denial-of-service (DDoS) attacks trying to break into websites, apps, or application programming interfaces (APIs).

A DDoS attack is designed to take down servers and network resources with huge amounts of malicious connection requests or malformed packets. These can slow down or completely crash the server, denying access to legitimate users.

CEO Matthew Prince along with CTO John Graham-Cumming noted that these rights groups went from suffering almost no attacks at all in April to 20,000 malicious requests a second on just one site.

We can all agree that civil liberties and racial justice defenders are a brave, vital part of society.

That they have to expose themselves to frequent harassment from groups of trolls and cybercriminals seems unfair…

Fortunately, Cloudflare’s Project Galileo provides free cybersecurity protection to human rights groups.

Cloudflare’s Project Galileo

The Project was designed to shield organizations in the fields of rights, democracy, journalism from widespread online attempts to silence them.

You can check out Cloudflare’s wonderful initiative here

As the cybersecurity provider explains: “Unfortunately if recent history is any guide, those who speak out against oppression will continue to face cyber-attacks that attempt to silence them.

Incidentally, BlackLivesMatter advocacy groups weren’t the only victims of DDoS attacks during this period. Cloudflare also recorded up to a three-fold increase in attacks on US law-enforcement and military sites.

The American Civil Liberties Union (ACLU) and the National Association for the Advancement of Colored People (NAACP) are currently working on overtime because of the harassment they face from rising cyber-attacks.

At MyItGuy, we haven’t stopped working to protect you either. Someone has to monitor & support your servers while you focus on business and social objectives. 

Anti-phishing Email Protection is critical, too, as the number of MalSpam emails targeting BLM has drastically increased in the past few days.

Because you see… DDoS attacks aren’t the only active threat right now…

Malspam Emails with TrickBot Malware Within

Cybercriminals, being the unsavory people they are, have begun distributing the infamous TrickBot malware through fake BlackLivesMatter Malspam campaigns.

TrickBot was historically an e-banking trojan. These days, it is used to collect credentials from a victim’s emails, browsers, and installed network apps.

Trickbot even installs ransomware such as Ryuk on the victim’s computer.

The Swiss security firm, Abuse.ch, explains how the scam has been working:

Cybercriminals are posing as government officials to provoke socially conscious victims to click on a malicious attachment inside an email. 

The subject line of these spam emails says, “Vote anonymous about Black Lives Matter” or “Leave a review confidentially about Black Lives Matter,” indicating that the mail contains a survey.

If you open the attachment, a button urging you to “Enable Editing” or “Enable Content” pops up. If this is clicked, the malicious macros activate, downloading TrickBot as a malicious library (.DLL file).

What to Do?

At the time you’re reading this, thousands of innocent activists have likely fallen into this trap.

What we need to do is share the information with general people and business owners. We all need to be mindful and avoid red flags.

Firstly, check the sender’s name very carefully, especially when you haven’t received similar mails before.

Educating your employees about phishing and the common campaigns in circulation today is also important.

You can send them this brief-article so they can be aware and take the necessary actions.

And Last but not least… Be aware that simply doing this is not enough to prevent cyber-attacks. There’s an obscene amount of malware on the Internet right now, stealing private information and ruining finances.

An incident could happen to you and set your company back by years if your brand reputation suffers damage.

This is why we have offered professional IT Security services for the past many years.

 Contact the MyitGuy team to sleep peacefully, knowing that your credentials are safe 24/7.