“Hallmark hackers” take advantage of love day to send “Valware”

They love your data, they love you not...
14 February 2023

Feeling romantic? Then your resistance to phishing and malware may be lowered.


There is no occasion so nebulous, so tangential to the realities of the world, that greeting card manufacturers will not cash in on. The same is true of cybercriminals. In November last year, there was an uptick in “Black Friday” deal websites and emails that were masks for malware and phishing scams. The same thing happened in the run-up to the December holidays, with Christmas in particular the target of relentless “malvertising” campaigns – yes, advertising campaigns with malware in their little dark hearts, hiding behind one click of a mouse. And now, since the beginning of January, there has been a marked rise in Valentine’s Day malware – Valware, if you will – with romantics everywhere falling foul of the scams.

The Valentine’s Day e-massacre.

Check Point Research, which among much other work takes it upon itself to try and think like cybercriminals and head them off at the pass, began noting the new “Valware” trend in January, with the springing up of Valentine’s Day-related domains. In fact, in the course of January, the company noted a 54% increase in such domains.

To some extent, that’s entirely natural and to be expected – keeping Valentine’s Day domains up and running all year round would seem excessively romantic, so it would make sense that they’d spring up like optimists in January, in preparation for the ultimate “Hallmark Holiday” on January 14th.

But the actual statistics are interesting: 12,441 new domains were registered in January 2023 containing the terms “Love” or “Valentine” in their name. That’s the 54% increase compared to the average of such domains over the previous three months – which means that yes, there were people registering Valentine’s domains in October (potentially displaying a heroic level of optimism). The overall increase in new domains of all kinds in January compared to the previous three months stood at 36%, suggesting a distinctly romantic stirring.

The stirring intensified in the first two weeks of February – in the first week of the month, more than 2900 such lovey-dovey or Valentine-specific domains were registered, making over 16,000 new domains in the first seven weeks of 2023.

One in ten love you not – potentially.

Of those registered in February, one in 10 on average were found to be potentially risky.

Over the same period, one in every thousand emails with a Valentine’s Day theme was discovered to be either outright malicious or questionably suspicious – and bear in mind, that doesn’t include the most mundane Valentine’s Day emails, the ones between happy people themselves.

While an average of one in 10 domains, and one in a thousand emails may not signify a cybercrime wave that’s likely to worry the FBI or Interpol any time soon, the pattern of cybercriminals using even the slightest pretext to launch an upsurge in phishing and malware attacks while hiding behind the sentiment of those pretexts, like Christmas and Valentine’s Day, looks set to become a year-round phenomenon.

Easter’s on April 9th this year – seven weeks on from Valentine’s Day, the same distance in time as between New Year’s Day and Valentine’s. Will there be a corresponding surge in Easter-based phishing scams? “Follow me, and I shall make you phishers of men”? Tasteless? Absolutely – but so is having your holidays and celebration days hijacked by unscrupulous cybercriminals who steal your details, your data, and potentially, great portions of your life.

The 86% threat.

The point, beyond crude and potentially blasphemous misquotes of scripture, is that such attacks are becoming more and more prevalent. The 2023 Cyber Security Report from Check Point revealed that email-delivered attacks during 2022 accounted for no less than 86% of all file-based in-the-wild attacks. It also showed that cybercriminals were becoming more and more diverse and inventive in their use of various file formats as vessels for their malicious payloads.

The Valware threat, while it is concerning in and of itself in that it’s a hijacking of a day when messages are expected to be sent back and forth and gifts purchased (increasingly from websites), opening up two fantastically useful attack vectors for cybercriminals, is actually more worrying as a symptom or a sign of the times.

Potentially, every religious – and every retail – event of note in the year could be targeted by cybercriminals, because those two vectors are continually renewable and play on the socially engineered expectations of people who may well not have the cybersecurity nous to particularly suspect any emails or websites mentioning the holiday or celebration that’s closest in the year.

Humans – the weak link in any security chain.

That means, for instance, they might be significantly more susceptible to holiday-based mails with malware hiding in images, or links to potential Easter cards, or Hallowe’en bargains, than they would be to anything as crass and old-fashioned as Nigerian princes with fortunes to give away or anything as relatively modern as mails from their boss begging for bank transfers because their credit card was stolen.

Not that either of these classic entry-points to companies and personal accounts is necessarily going anywhere, but the whole idea of holiday-or-occasion-based attack cycles, like Valware, takes the need for training in cyberskepticism to new heights. In companies with a lively social calendar, the technique could easily be morphed into a cyclical round of business email compromise attacks, too.

Is the Valware vulnerability – coming on the back of significant campaigns over Black Friday and Christmas – the sign of things to come? In the absence of a major incident that, for instance, cripples a big company, it might well be difficult to get people and businesses to take it seriously. But it’s worth remembering that the mindset of cybercriminals is intensely focused on finding any weak point that lets them in.

The human factor of reduced vigilance when the likes of emails and e-commerce are an expected seasonal norm is absolutely a weak point in any company’s security system.

Happy Easter in advance…