It was inevitable. Within mere days of Windows 10 rolling out to PCs worldwide, criminal hackers set to work fooling potential upgraders as a way to deliver ransomware to PCs.
Security researcher Stu Sjouwerman of KnowBe4, LLC, says this is only the beginning of the problem. And it's one of many examples of how criminal hackers ride current events as a way to cheat the unsuspecting.
A trendy scam
That criminals would exploit the Windows 10 upgrade process shows their ongoing tenacity, Sjouwerman explained in a phone call. Just as legitimate news publications keep an editorial calendar and set up coverage based on seasonal events, anticipated news, or breaking stories, phishing campaigns are tailored to exploit those same events.
"[Criminals] work their [phishing campaign] schedules into these major events," Sjouwerman said. "They have [email] templates ready from last year that they adjust somewhat, and they punch out a multi-million-dollar phishing campaign [with them]."
Most of the phishing campaigns or ransomware currently blasted out are the province of Eastern European or Russian criminal gangs, with the Windows 10 scam -- typically used to deliver the CTB-Locker ransomware -- only the latest of the bunch. As Sjouwerman put it, "The Russians go after your money; the Chinese go after your data" -- a generalization, but still one he felt was accurate.
"This is only the very early stage for a much bigger trend coming down the pike," Sjouwerman added. When the Cryptolocker ransomware first appeared, he said, it was mainly a single criminal who "basically blazed a trail." In his wake, many other criminal gangs have copied that model, leading to "15 different ransomware families."
"The same thing is going to happen with this," Sjouwerman said.
The weakest link: You
Current -- and likely future -- scams like the Windows 10 scheme are aimed at users who typically have little technical savvy. Sjouwerman outlined even more sophisticated scams that involved spoofing requests for money transfers between CEOs and CFOs, but the majority of scams are straightforward and direct phishing operations.
In a blog post released earlier today, Sjouwerman provided a quick copy-and-paste template for those in the know to send along, with the legitimate Windows 10 upgrade link included.
"The human is still the weak link in IT security," he said. "It's not tech. It's people, policy, and process that are the weak links."