Phishing, Threat Intelligence

Hurricane Helene exploited in FEMA scams, phishing

Share
More than three-quarters of organizations that paid a ransom suffered a second ransomware attack within a month. (“Cash Money” by athrasher is marked with CC0 1.0.)

Hackread reports that organizations and individuals across Florida have been subjected to various cybersecurity threats exploiting relief efforts in the aftermath of Hurricane Helene and ahead of Hurricane Milton.

While some threat actors established fraudulent disaster relief websites as part of phishing attacks aimed at exfiltrating financial details and Social Security numbers from individuals seeking aid, others impersonated Federal Emergency Management Agency assistance providers to create fake claims that enabled relief fund and personal data theft, with the strategies of such a scheme shared in BlackBones and other cybercrime forums, according to a Veriti analysis. Malicious payloads have also been distributed by threat actors through spoofed FEMA documents, including a PDF document referencing the agency's Grants Manager and Grants Portal systems that redirected to a website that facilitates malware compromise. Despite the absence of any active compromise using the malware-laced FEMA documents, Veriti researchers urged increased vigilance on the threat.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.