Email is one of the oldest and still
most used forms of online communication. However, it is also among the most
common ways for hackers and scammers to conduct their campaigns. Whether it is
infecting computers with malicious software, conducting phishing campaigns, or
extorting others, emails have become an essential tool in cybercriminals’
According to a recent report for Q3 2019 made by a cybersecurity
company called Proofpoint, emails with malicious URLs make up as much as 88% of
all malicious electronic mail that is sent to unsuspecting victims. The
findings clearly indicate that hackers prefer malicious URLs, rather than
malicious attachments, as they did in the past.
These findings also indicate that the sophistication of social engineering attacks is evolving rapidly, which might make it easier to target not only individual users but also corporations. The findings were explained by Proofpoint’s Threat Intelligence Lead, Chris Dawson, who stated that email-based threats are not only the oldest and most widespread security threats on the internet but also the most pervasive.
So far, researchers have encountered pretty much everything, from detailed email fraud to major malware campaigns that targeted millions of people, and even banking Trojans. The hackers’ toolset is incredibly diverse, and it continues to expand.
One of the recent trends also reported in the last several months is sextortion campaigns, which seem to be particularly targeting Canadians. These attacks consist of nothing more than cyberattackers claiming to know someone’s sexual proclivities, and malware that might infect victims’ computers and phones, and activate their microphones and cameras.
This report also came from Proofpoint as
recently as two days ago, on November 7th. As expected, attackers rely on their
victims’ fears and insecurities, and they often use stolen passwords and
similar tricks to convince their victims that their reputation might actually
be at risk.
In return for their silence, hackers usually
ask for Bitcoin payments, which are very difficult to track. To ensure the
victim’s cooperation, hackers threaten the victim with allegedly captured video evidence
or some other leverage that might scare victims into submission.
The malware infections often help out by
collecting data such as email contacts, Messenger, or Facebook details, which
often results in hackers deducing or even actually obtaining partial knowledge
of the password used by the victim. Hackers also use specific phrases and
language that increase the victim’s fear of exposure and judgment by society.
Apart from sextortion campaigns, researchers
have also noticed a curious absence of Emotet botnet spam, as well as a
reduced number of ransomware attacks. While this does not mean that ransomware
is gone for good — Dawson claims that it is still a very real threat — such
attacks are still dropping in number rather rapidly, likely due to drops in
Instead of using ransomware, hackers seem to
prefer some stealthier methods, such as using banking Trojans or quiet
downloaders that can hide within the users’ devices for weeks, or even months,
while gathering data, mining cryptocurrencies, or simply bombarding victims
As the Proofpoint report notes, there has been a
major increase in banking Trojans (18%), as well as a 55% increase in the use
of remote administration tools, when compared to the situation from the
Also, just like ransomware, Emotet did not
disappear completely. In fact, researchers have noticed a botnet spam campaign,
and they named it TA542. The botnet was also noted as the biggest source of
destructive malware, despite the fact that it started out as a banking Trojan.
It got a lot of new use cases along the way, and it mostly acted during the
summer of 2019.
Then, it returned yet again in September,
attacking through geographically-targeted emails. Its attacks in the last two
weeks of September resulted in as much as 12% of all malicious payloads noticed
in the third quarter.
The only real way for organizations to fend off attacks such as phishing would be to keep track of the number of threats and scams received by each user and to determine where the attacks might be coming from. It would also be important to know how targeted the attacks are, and what type of malicious software they use. Naturally, employees should be trained to recognize such campaigns, and to not open emails from suspicious sources lightly.
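The tracking described above, sketched as an added example (it is not code from Proofpoint or from this article): it tallies malicious mail per user, per origin, per malware type and by delivery vector. The CSV layout, the field names, the sample rows and the targeting heuristic are all assumptions made for illustration.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample of mail-gateway verdicts. The CSV layout and every value
# are assumptions made for this example, not a real product's export format.
SAMPLE_LOG = """recipient,sender_domain,vector,family
alice@example.com,mail-a.example.net,url,banking_trojan
Alice@example.com,mail-a.example.net,url,banking_trojan
alice@example.com,mail-b.example.org,attachment,downloader
bob@example.com,mail-a.example.net,url,remote_admin_tool
carol@example.com,mail-c.example.net,url,sextortion
alice@example.com,mail-c.example.net,url,remote_admin_tool
"""


def summarize(log_text):
    """Aggregate blocked-mail records into the metrics the paragraph lists."""
    per_user, origins = Counter(), Counter()
    vectors, families = Counter(), Counter()
    recipients_by_origin = defaultdict(set)

    for row in csv.DictReader(io.StringIO(log_text)):
        # Normalise case so Alice@ and alice@ count as one mailbox.
        user = row["recipient"].strip().lower()
        origin = row["sender_domain"].strip().lower()
        per_user[user] += 1
        origins[origin] += 1
        vectors[row["vector"].strip().lower()] += 1
        families[row["family"].strip().lower()] += 1
        recipients_by_origin[origin].add(user)

    total = sum(per_user.values())
    return {
        "per_user": per_user,
        "origins": origins,
        "families": families,
        # Share of malicious mail delivered as a link rather than a file.
        "url_share": vectors["url"] / total if total else 0.0,
        # Rough targeting heuristic (an assumption of this example): messages
        # per distinct recipient; higher means the same people are hit again.
        "targeting": {o: n / len(recipients_by_origin[o]) for o, n in origins.items()},
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("Most-attacked users:", report["per_user"].most_common(3))
    print("Top origins:", report["origins"].most_common(3))
    print("URL share: {:.0%}".format(report["url_share"]))
    print("Targeting:", report["targeting"])
```

Users at the top of the per-user count are the natural first candidates for the awareness training the paragraph recommends.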