Cybercrime and the Dangerous Art of Misdirection

May 21, 2020

There’s a lot you can learn from a magician. 

After deftly losing your card in the deck so that it’s impenetrably gone, somehow—miraculously?—it emerges on top. Your mouth agape, the applause flows unsolicited. 

Such is the art of misdirection.

In the world of magic, misdirection is the skill of manipulating attention away from one event or object to focus on something else, so that you miss the mechanisms by which the trick actually works.

COVID-19, the Perfect Opportunity for Misdirection 

In the world of cyber security, misdirection is an indispensable asset, enabling attackers to get away with things that would otherwise be detected. Threat actors have long used the art of misdirection to pull off complex cyber attacks, and it’s used by some of the most notorious APT groups, criminally motivated attackers and hacktivists alike. Attackers might use misdirection to throw researchers off their trail or conceal what’s really happening.

And while you were distracted by current events, attackers took—and continue to take—advantage of the situation to pull off some very large-scale attacks unnoticed.

The COVID-19 pandemic has captured our attention in ways nothing before—and quite possibly nothing after—has or will. Every news report, every conversation, and certainly every social media post is fixated on the present reality and its impact on our daily lives. And this worldwide obsession with all things Corona- and lockdown-related has presented attackers with the optimal circumstances to launch attacks totally unnoticed. Moreover, with a significant portion of the population working from home and using less-than-ideal security practices, people are less equipped to protect themselves than when working in the office with corporate-grade security solutions. Corona, it seems, is a magical playground of misdirection opportunity for bad actors.

COVID-19 Ransomware Goes Covert

For starters, let’s look at the threat of ransomware. Ransomware has always been a massive headache for any organization. But now, attackers are taking advantage of the uncertainty created by COVID-19 to lure in even more victims. According to researchers at VMware, ransomware has seen a 148% increase since the beginning of the pandemic, with upticks in incidents directly correlating to certain noteworthy days along the timeline of the pandemic.

In mid-April, a variant of the HiddenTear ransomware was found to be using COVID-themed Word documents to encrypt files on host computers. Other ransomware variants use infected documents masquerading as information regarding free financial services, vaccines and masks, or video conferencing platforms. NetWalker ransomware has been spotted using a file called CORONAVIRUS_COVID-19.vbs to distribute its malicious payload. 

Of particular note to us here at Safe-T, in early April, as healthcare workers scrambled to save lives, hospitals around the US began to get hit with REvil (Sodinokibi) ransomware. REvil targets hospital networks looking for vulnerable VPNs and when it finds them, according to researchers at Microsoft, “After successful exploitation, attackers steal credentials, elevate their privileges and move laterally across compromised networks to ensure persistence before installing ransomware or other malware payloads.” So this is yet another reminder that your VPNs might not be offering quite as much protection as you think they are. 

Phishing for Fear 

Next, let’s explore the rampant COVID-19-themed phishing scams. In April, Google announced that they were blocking, on average, 126 million COVID-19-themed phishing emails per week and another 240 million COVID-19-themed spam emails per day. Attackers are well aware that in the drive to keep yourself and your loved ones safe, good judgement might just go out the window. With emails that appear to be sent from the World Health Organization (WHO) or supposedly contain an urgent message from your bank regarding the situation, attackers pull at heartstrings and compel distracted targets to open attachments and click links.

In one particularly upsetting attack, nation-state backed attackers were found to be sending US-based health care workers phishing emails posing as fast food chains. The emails offered heroic doctors and nurses free meals and directed them to a website posing as a food delivery service, with the goal of capturing login information. 

Phishing that goes unnoticed is bad. But what’s even worse is when its target is critical infrastructure. In April, researchers from Cisco Talos disclosed the discovery of a previously unknown remote access trojan, or RAT, called PoetRAT, targeting the government and utilities in Azerbaijan. Once again, the attackers used phishing techniques to distribute COVID-19-themed emails to SCADA system operators with malicious Word documents attached.

These emails appeared to be sent by the Azerbaijani and Indian governments and, if opened, would execute a script that, according to ZDNet.com, “executes a range of other commands, such as directory listing, exfiltrating PC information, taking screenshots, copying, moving, and archiving content, uploading stolen files, and killing, clearing, or terminating processes. It is also possible for PoetRAT to seize control of webcams and steal passwords.”

Making Money with Corona-themed Malware 

Malware such as banking trojans is also getting in on the act. Ursnif, a classic financial threat, was spotted as early as January 2020 distributing COVID-19-themed emails. Emotet, one of the most active and powerful banking trojans in circulation today, has also been found to be sending around emails supposedly coming from the WHO containing important Coronavirus information. Hancitor malware poses as COVID-themed insurance claims or proposals, and Azorult malware, which uses a fake coronavirus infection map, steals payment and credential information.

There’s No Magic Cure, Just Pay More Attention 

The list of threats cashing in on the current situation goes on and on and it’s important to note that the attacks mentioned here are just a portion of the COVID-themed attacks taking place. As much as we wish we could just wave a magic wand and go back to normal, this situation is still unfolding so attackers will keep improvising on their methods and launching new attacks. But one thing you can be sure of is they’ll continue to use our distracted state to their advantage. The more we keep our eyes open, the more secure we’ll be in the long run. 


