Spike in Brexit-themed phishing attacks expected once withdrawal agreement is finalised

Hacker behind a computer against the EU flag to depict Brexit

Businesses both in the UK and wider Europe should expect a sharp spike in phishing attacks once the political uncertainty around Brexit is resolved, with analysts already spotting a rise in malicious activity.

Once either a withdrawal agreement between the UK and the European Union (EU) has been reached or a there is a 'no deal' outcome, businesses should expect a wave of threat activity as they embark on preparations.

The outcome of negotiations should be known by March 2019, by which point organisations will face an increase in Brexit-themed spearphishing campaigns and political disinformation that could transition into infiltration, according to threat intelligence firm EclecticIQ.

"Cybercriminals could easily exploit Brexit in large-scale phishing campaigns," the researchers said.

"A campaign targeting businesses could see cybercriminals sending out documents that are made to look like government advice on dealing with Brexit which in fact download malware.

"Cybercriminals regularly use similar tactics by spoong government organisations such as HMRC in order to spread malware or steal personal information."

Researchers also found evidence of recent Russian-linked ATP28 (Fancy Bear) activity suggesting the group will increasingly launch malware attacks against political targets across Europe once the confusion has settled.

For example, the analysts found evidence of a host of phishing lures targeting the Polish government and used a Brexit-related lure to deliver Zekapab malware.

Threat actors nation-state ties such as Fancy Bear, or cousin organisation Cozy Bear, could target the UK government by spoofing a major central government department such as the Department for Exiting the European Union (DexEU).

EclecticIQ researchers suggest the UK could face a similar attack to that which Cozy Bear launched against the US State Department in November, with hackers posing as DexEU and spreading malicious Brexit-themed documents among officials and politicians.

"We've seen examples of cybercriminals piggy-backing onto major political events to try and spread malware," EclecticIQ analyst Aaron Roberts told IT Pro."This will likely also be a perfect opportunity for more sophisticated actors to do the same.

"We've written about fake documents mentioning Brexit being sent to companies to access their networks, and in the event of a deal/no deal, it's likely this will increase, particularly as we draw closer to the deadline, and probably if there is still major uncertainty about the status of the UK after the 29 March deadline.

Brexit-themed disinformation across social media has also been prevalent in recent months, EclecticIQ found, with Russian-originating accounts spreading messages and counter-messages across both sides of political opinion.

The messages sent from the potentially malicious accounts analysts identified, including @Steve_Banal and @sundayroast2017, are consistent in nature and tie into the ongoing political developments around Brexit, and the current deal being presented to parliament.

Activity, at the moment, seems based around shaping opinion and less on intrusion, but analysts say that may change in the run-up to 29 March 2019, when the UK will leave the EU under Article 50.

"We may see links alleging to be major news or highly relevant to Brexit being shared across social media, either to try and spread malware or to harvest credentials from users that could then be used to further spread the same message," Roberts continued.

"It's an interesting time both politically and from the point of view of evolving cyber attacks. I don't think we've seen the last cyber incident around Brexit and it's likely activity will only increase as uncertainty remains and the deadline gets closer."

Keumars Afifi-Sabet
Contributor

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.