Most workplaces do not educate staff about social engineering attacks, says cyber threat analysis team leader 

An emerging ransomware attack – dubbed BazarCall – is targeting small businesses, specialist cyber insurer CFC has warned.

The BazarCall attack method has increased in popularity among ransomware groups and is responsible for several malware infections observed by CFC’s in-house cyber threat analysis team over the past three months.

The ransomware can overcome common cyber security controls via a phishing email that misleads victims into phoning a call centre – instead of clicking a link – where they are then instructed to download malicious software that infects their computers.

In this way, the hackers can carry out ransomware attacks while remaining undetected.

Tom Bennett, CFC’s cyber threat analysis team leader, said: “Making the victim do all the heavy lifting is a notable shift from the more traditional hacking attack vectors.

“Unfortunately, most workplace education around phishing emails doesn’t warn about this type of social engineering, so it represents a significant new threat.”

Remaining vigilant

BazarCall was initially discovered in late January 2021. The attack starts with a phishing email, after which the malware is distributed by call centres via an Excel document, according to IT support website Bleeping Computer.

Bennett said that BazarCall had accounted for almost 10% of the malware incidents CFC had detected across its portfolio over the last three months.

However, the company has so far been able to prevent cyber claims stemming from these infections.

He continued: “To date we have detected and removed every case of this malware within our impacted customers, at no cost to them.

“But we must all remain vigilant – cyber criminals are motivated, well-funded and well-organised.

“They are constantly revising their attacks. That’s why we’ve built our dedicated cyber security team to help our customers protect themselves and prevent incidents before they happen.”

CFC’s cyber threat analysis team has been proactively detecting threats and intervening on behalf of its cyber customers.

For example, the team can identify whether a specific victim at the organisation has received a BazarCall phishing email, whether the victim has called the phone number listed in the email and whether the malware has been installed on their system.