New research claims to show that, whilst spam levels fell to a five-year low last month, the increasing complexity of cyber-criminal attacks shows no sign of easing, with increasing levels of malware attacks and dangerous PDFs rapidly becoming the norm.
Cybercrime threat landscape evolving rapidly
At the same time, the smartphone threat continues to rise, with Cyren’s Q2 threat report highlighting the first Android ransomware appearing.
According to Avi Turiel, Cyren’s director of threat research, the initial version of the ransomware appeared in May and took over Android phones by displaying a message accusing the user of watching child pornography, although this version lacked any true encryption capabilities.
The second version, he says, appeared in June and contained strong encryption capabilities, locking the Android device’s card and blocking any use of the phone while displaying a message similar to that of the May version. The ransomware then demanded around £15, to be paid through a Russian/Ukrainian money transfer service.
Also during the second quarter, cyber-criminals used both real and phoney PDF files, Dropbox, and Microsoft Word to distribute their malware. Phishing threats remained consistent over the same period, with the financial industry and the World Cup as the focus of several schemes.
Delving into the report reveals that cyber-criminals were using a variety of advanced techniques to distribute their malware.
“In one version, the Gameover variant of the Zbot malware arrives in the victim’s email inbox as a bill supposedly from a large British energy provider. The file ‘Eonenergy-Bill-29052014.zip’ contains an executable file that is represented by a standard PDF icon. Gameover uses a P2P command-and-control (CC) network to transfer commands between the infected system and the network,” says the report.
“The malware also uses pseudo-random domain names and attempts connections with each of these to download configuration files,” it adds.
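A mail-gateway check for the delivery method the report describes (an executable inside a ZIP attachment, presented as a document), added here as an example and not taken from the Cyren report. The extension lists, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed policy lists for this example; tune to the local environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}

def _extensions(name):
    """Return the lower-cased extensions of a member name, e.g. ['.pdf', '.exe']."""
    base = name.rsplit("/", 1)[-1].lower()
    return ["." + part for part in base.split(".")[1:]]

def scan_zip_attachment(data):
    """Return [(member_name, [reasons])] for members that look like disguised executables."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(2)  # Windows PE files start with the bytes "MZ"
            exts = _extensions(info.filename)
            last = exts[-1] if exts else ""
            reasons = []
            if head == b"MZ":
                reasons.append("pe-header")
                if last not in EXECUTABLE_EXTS:
                    reasons.append("extension-mismatch")
            elif last in EXECUTABLE_EXTS:
                reasons.append("executable-extension")
            if last in EXECUTABLE_EXTS and any(e in DOCUMENT_EXTS for e in exts[:-1]):
                reasons.append("double-extension")
            if reasons:
                findings.append((info.filename, reasons))
    return findings

def build_sample():
    """Constructed sample archive: harmless stubs that only carry the 'MZ' magic bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Energy-Bill.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("Energy-Bill.pdf", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"constructed, benign text")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reasons in scan_zip_attachment(build_sample()):
        print(name, reasons)
```

The check keys on file content, not the icon or the name, because the icon is chosen by the sender. Password-protected archives cannot be read this way and need a separate policy decision.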
The analysis also concludes that no corner of the banking globe is safe from phishing criminals, with country-specific financial institutions such as NatWest in the UK and HypoVereinsbank in Germany seeing cyber-criminals continuing to try to find ways to gain access to personal and corporate financial data.
In one attack, the report says that cyber-criminals were able to save money on hosting fees and add legitimacy to their phishing-malware-spam campaign by incorporating a real corporate logo and then linking the logo back to a well-known internet security blog.
“Cyren researchers came across this scheme in the second quarter, in which a cybercriminal used a typical phishing email in the form of a ‘Google Doc,’ with the Google logo at the top actually linked back to a legitimate internet security blog called www.onlinethreatalerts.com,” says the analysis.
Peter Wood, CEO of First Base Technologies, a pen-testing specialist, said that he has also seen spam levels dropping off in recent months, but added that he has also seen some very well crafted – and creative – spam based on legitimate emails.
“Phishing and spear phishing have gone through the roof in recent times. I’ve seen some very clever emails, but what is interesting is that, whilst my work and personal emails have clearly had a lot of advanced phishing messages, I’m not seeing anywhere near the same levels in my Gmail account,” he said, adding that this suggests that Google’s search engines may be helping the company.
Because of the risks from spear-phishing, Wood says that First Base has entered into an agreement with PhishMe, the US anti-phishing training company, to allow First Base to develop training programmes for its clients. This is less of a revenue earner, he says, and more of a service that clients are asking for, giving them some very useful education into phishing issues along the way.
Over at Encode UK, Graham Mann, the security vendor’s managing director, said that the message from the Q2 report from Cyren is depressingly familiar.
“Technology remains a double-edged sword; whilst it makes life easier and more pleasurable, it is also constantly hijacked by the criminal fraternity with ever more inventive money-making scams. For the average Joe it’s simply impossible for them to avoid becoming a victim – it’s no longer if but when,” he explained.
Paco Hope, a principal consultant with Cigital and a member of the (ISC)2 application security advisory board, meanwhile, said that malware is a marketplace of technologies attempting to trick and victimise the average user.
“Mobile technology now reaches more people than email ever could and it is more directly controlled by the victim. Email can be filtered by intermediaries, but end users use mobile devices,” he said.
“The malware market is expanding to greener pastures where victims are less protected. To adapt and respond to threats, firms need qualified staff with up-to-date credentials. Individuals who demonstrate a commitment and track record of maintaining their experience and qualifications are an important cornerstone of a firm’s response to changing threats,” he added.