As businesses have gotten wise to malicious e-mails that try to trick employees into clicking unfamiliar links, cyber criminals have devised a new way to con people into opening up their networks — a method called “BazarCall.”

Ransomware is a type of malicious software (malware) that blocks a user from accessing programs and data on a workstation or entire computer network until a ransom is paid to the criminals who installed the malware.

Cyber criminals typically install ransomware on networks by sending phishing e-mails (e-mails sent by someone impersonating a legitimate business) to users. The e-mails contain links that, if clicked on, give the criminal access to the user’s network.

Once access is gained, the ransomware is installed, the user’s network eventually grinds to a halt, and the user’s organization has to either pay the ransom or recreate its data.

The BazarCall threat

BazarCall has created a new threat to businesses. According to cyber insurance provider CFC, BazarCall is a new type of attack methodology, known as “telephone-oriented attack delivery” (TOAD). Here’s how it works:

  • A cyber criminal sends a phishing e-mail with instructions that the recipient should call a certain phone number. The message typically refers to a subscription the recipient allegedly has.
  • The recipient calls the number (supposedly a call center) and receives instructions to visit a specific website. For example, the e-mail may have advised the recipient to call the number if they no longer wish to continue the “subscription.” The “call center” directs them to a website that supposedly will enable them to cancel the subscription.
  • The recipient, following instructions, visits the website. The site directs them to download a file, such as a Microsoft Excel file. Unbeknown to the recipient, the Excel file contains code that, once enabled, infects the computer with ransomware.
  • From a public folder on the computer, the ransomware installs on the network and the cyber criminals are off to the races.

This method gets the initial e-mail past security screenings because it does not ask the recipient to click a link. The criminals have no need to penetrate the target’s network because the recipient does the work for them by downloading the file.
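As an added example (not code from the original article), a small triage heuristic for the e-mail stage described above: because the lure carries a phone number and a subscription pretext but no link, a filter keyed on links alone misses it, so this scores the combination instead. The sample messages, keyword lists and scoring thresholds are constructed for illustration.

```python
import re

# Constructed sample messages for demonstration; none are real lures.
SAMPLES = {
    "toad_lure": (
        "Your premium subscription has been renewed",
        "Thank you for your order. Your annual plan was charged $299.99.\n"
        "To cancel or dispute this charge, call our billing desk at (800) 555-0147\n"
        "within 24 hours. Reference: INV-20388.",
    ),
    "newsletter": (
        "Weekly product update",
        "Read this week's release notes at https://example.com/notes. "
        "Unsubscribe: https://example.com/u",
    ),
    "vendor_invoice": (
        "Invoice 4471 attached",
        "Hi, invoice 4471 is attached. View it online at https://billing.example.com/4471.\n"
        "Questions? Call +1 212-555-0199.\n-- Accounts Receivable",
    ),
}

URL_RE = re.compile(r"https?://|www\.", re.IGNORECASE)
# North American number formats, which is all the constructed samples use.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
LURE_TERMS = ("subscription", "renew", "cancel", "charged", "trial", "membership", "dispute")
CALL_CUES = ("call", "phone", "dial", "hotline")

def score_toad(subject, body):
    """Return the TOAD indicators found in one message and a review flag."""
    text = f"{subject}\n{body}".lower()
    has_link = bool(URL_RE.search(text))
    has_phone = bool(PHONE_RE.search(text))
    asks_to_call = has_phone and any(cue in text for cue in CALL_CUES)
    terms = [t for t in LURE_TERMS if t in text]
    score = 0
    if asks_to_call:
        score += 2                      # the call-to-action is a phone call
    if asks_to_call and not has_link:
        score += 2                      # no link at all: the pattern BazarCall relies on
    score += min(len(terms), 3)         # subscription / renewal pretext
    return {"score": score, "link": has_link, "phone": has_phone,
            "asks_to_call": asks_to_call, "terms": terms, "flag": score >= 5}

def triage(samples):
    """Names of the messages that deserve a human look before delivery."""
    return [name for name, (subj, body) in samples.items() if score_toad(subj, body)["flag"]]

if __name__ == "__main__":
    for name, (subj, body) in SAMPLES.items():
        print(name, score_toad(subj, body))
    print("flagged:", triage(SAMPLES))
```

A vendor invoice that lists a phone number alongside a link stays under the threshold, which is the point: the signal is a phone number standing in for the link, not the phone number itself.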

This is a relatively new method and many organizations have not warned their users about it. CFC found that this method was used in 10% of ransomware attacks in the spring of 2022.

What to do

To protect your network against BazarCall and other TOAD attacks:

  • Keep antivirus software and firewall firmware updated. This can help remove infections before they spread.
  • Require remote users to use multi-factor authentication (MFA) for all connections to the network. MFA requires the user to input a second identifier in addition to their password in order to gain access. It presents an additional obstacle to cyber criminals.
  • Make employees and other users aware of the new threat. Raising awareness may be the single most effective thing an organization can do, since most successful attacks result from human error.

Cyber criminals are relentless in their quest to find new ways to victimize people and organizations. The financial losses they cause are growing at astronomical rates. A continuing mix of technology and user training is the best way to fight back.