Cyrillic Characters Used in Cyber Attacks

Recent reports show hackers substituting Cyrillic characters for look-alike Roman alphabet characters to deceive recipients. In its article “Real or Imposter? Everything You Need to Know About ‘Homoglyph’ Phishing”, CISO MAG describes this tactic, known as the Internationalized Domain Name (IDN) homoglyph attack, as “a deception technique that uses homoglyphs or homographs, in which an attacker abuses the similarities of character scripts to create phony domains of existing brands to trick users into clicking. A homoglyph is one of two or more characters or glyphs with shapes that appear identical or very similar.”

Hastily clicking a malicious link in an email that spoofs a legitimate institution may direct you to a website that looks identical to that of the company being imitated and might request login credentials. Clicking a malicious link may also initiate the download and installation of a program capable of recording keystrokes and collecting confidential data, including bank logins.

Avoid clicking links from emails, chat messages, and other publicly available content, most especially social media sites, without ensuring the visible link is indeed the true destination. You may hover over links to see their true destination. AAFCPAs also advises that clients establish and adhere to internal controls, monitor and test those controls, conduct simulated phishing expeditions via social engineering, and offer ongoing cyber security training.
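The hover check described above can also be automated in a mail filter or link scanner. The following Python code is an added example, not part of the original alert: the function names and sample hosts are constructed for illustration, and it assumes the visible link text is itself a hostname or URL. It converts each host to the ASCII (`xn--`) form that DNS actually resolves and flags labels that mix scripts.

```python
import unicodedata
from urllib.parse import urlsplit

def script_of(ch):
    """Coarse script guess from the Unicode character name; None for digits and hyphen."""
    if not ch.isalpha():
        return None
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]  # 'LATIN', 'CYRILLIC', ...

def to_ace(host):
    """ASCII-compatible (xn--) form of a hostname, using Python's IDNA 2003 codec."""
    return host.lower().rstrip(".").encode("idna").decode("ascii")

def inspect_host(host):
    """Return one (unicode_label, ace_label, scripts, verdict) tuple per hostname label."""
    results = []
    for ace in to_ace(host).split("."):
        label = ace.encode("ascii").decode("idna")  # readable form of the label
        scripts = sorted({s for s in map(script_of, label) if s})
        if len(scripts) > 1:
            verdict = "mixed-script"  # e.g. Latin + Cyrillic in one label: homoglyph signal
        elif scripts and scripts != ["LATIN"]:
            verdict = "non-latin"     # may be a legitimate IDN: review against known brands
        else:
            verdict = "ok"
        results.append((label, ace, scripts, verdict))
    return results

def link_is_deceptive(visible_text, href):
    """True if the shown host and the real target differ, or the target mixes scripts."""
    shown = urlsplit(visible_text if "//" in visible_text else "//" + visible_text).hostname
    target = urlsplit(href).hostname
    mixed = any(verdict == "mixed-script" for *_, verdict in inspect_host(target))
    return mixed or to_ace(shown) != to_ace(target)

# Constructed sample: the first letter is CYRILLIC SMALL LETTER A (U+0430), not Latin 'a'.
SPOOFED_HREF = "https://\u0430pple.com/login"

if __name__ == "__main__":
    for row in inspect_host(urlsplit(SPOOFED_HREF).hostname):
        print(row)
    print(link_is_deceptive("apple.com", SPOOFED_HREF))
```

A "non-latin" verdict alone is not proof of spoofing, since many legitimate domains are registered entirely in one non-Latin script; the mixed-script verdict and the ACE mismatch are the stronger signals.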

Please forward this alert to your employees to ensure they are and remain phishing-savvy. Clients can boost security awareness by training employees on common phishing techniques, sharing the organization’s suspicious email response protocol, and reminding staff to always remain vigilant.

How may we help?

AAFCPAs conducts IT Risk/Cyber Security Assessments and offers Vulnerability Management as a Service (VMaaS) solutions to pinpoint potential exposures, to help organizations comply with government and industry regulations, and to boost organizational awareness. We also work with decision makers to devise security practices and protocols that safeguard your intellectual property, reputation, and bottom line.

To learn more, please contact Vassilis Kontoglis, Partner, Automation, Analytics, & IT Security at 774.512.4069, or contact your AAFCPAs Partner.

About the Author

Vassilis is a leader in AAFCPAs’ Business Process & IT Consulting Practice. He has 20+ years’ proven experience providing business intelligence, productivity, information risk management, and cybersecurity solutions. He is a critical resource in keeping clients and the firm on the forefront of transformative technologies while mitigating risks that come along with these advancements. Vassilis leads the delivery of Robotic Process Automation solutions at AAFCPAs. He understands the unique requirements to achieve RPA success, including proper design, planning, implementation, and governance. He works collaboratively with clients and cross-functional teams, and leverages his deep understanding of enterprise information systems, business logic, and structured inputs to automate rote processes and increase operational efficiency. Vassilis is also the leader of AAFCPAs’ automation center of excellence (CoE), an internal team that streamlines automation output, provides structure, and helps scale automation through the firm.