Posted on November 9, 2019 at 3:09 PM
Email is one of the oldest and still most widely used forms of online communication. However, it is also among the most common ways for hackers and scammers to conduct their campaigns. Whether they are infecting computers with malicious software, conducting phishing campaigns, or extorting others, email has become an essential tool in cybercriminals’ arsenal.
According to a recent report for Q3 2019 by the cybersecurity company Proofpoint, emails with malicious URLs make up as much as 88% of all malicious electronic mail that is sent to unsuspecting victims. The findings clearly indicate that hackers now prefer malicious URLs over the malicious attachments they relied on in the past.
These findings also indicate that the sophistication of social engineering attacks is evolving rapidly, which might make it easier to target not only individual users but also corporations. The findings were explained by Proofpoint’s Threat Intelligence Lead, Chris Dawson, who stated that email-based threats are not only the oldest and most widespread security threats on the internet but also the most pervasive.
So far, researchers have encountered pretty much everything, from detailed email fraud to major malware campaigns that targeted millions of people, and even banking Trojans. The hackers’ toolset is incredibly diverse, and it continues to expand.
‘Sextortion’ attacks most common against Canadians
One of the recent trends reported in the last several months is sextortion campaigns, which seem to be particularly targeting Canadians. These attacks consist of nothing more than cyberattackers claiming to know someone’s sexual proclivities, and malware that might infect victims’ computers and phones and activate their microphones and cameras.
This report also came from Proofpoint as recently as two days ago, on November 7th. As expected, attackers rely on their victims’ fears and insecurities, and they often use stolen passwords and similar tricks to convince their victims that their reputation might actually be at risk.
In return for their silence, hackers usually ask for Bitcoin payments, which are very difficult to track. To ensure the victim’s cooperation, hackers threaten victims with allegedly captured video evidence or some other leverage that might scare them into submission.
The malware infections often help out by collecting data such as email contacts, Messenger, or Facebook details, which often results in hackers deducing or even actually obtaining partial knowledge of the password used by the victim. Hackers also use specific phrases and language that increase the victim’s fear of exposure and judgment by society.
Other major threats
Apart from sextortion campaigns, researchers have also noticed a curious absence of Emotet botnet spam, as well as a reduced number of ransomware attacks. While this does not mean that ransomware is gone for good (Dawson claims that it is still a very real threat), such attacks are still dropping in number rather rapidly, likely due to drops in cryptocurrency valuations.
Instead of using ransomware, hackers seem to prefer some stealthier methods, such as using banking Trojans or quiet downloaders that can hide within the users’ devices for weeks, or even months, while gathering data, mining cryptocurrencies, or simply bombarding victims with spam.
As the Proofpoint report notes, there has been a major increase in banking Trojans (18%), as well as a 55% increase in the use of remote administration tools, compared to the previous quarter.
Also, just like ransomware, Emotet did not disappear completely. In fact, researchers have noticed a botnet spam campaign, and they named it TA542. The botnet was also noted as the biggest source of destructive malware, despite the fact that it started out as a banking Trojan. It got a lot of new use cases along the way, and it mostly acted during the summer of 2019.
Then, it returned yet again in September, attacking through geographically targeted emails. Its attacks in the last two weeks of September accounted for as much as 12% of all malicious payloads noticed in the third quarter.
The only real way for organizations to fend off attacks such as phishing would be to keep track of the number of threats and scams received by each user and to determine where the attacks might be coming from. It would also be important to know how targeted the attacks are, and what type of malicious software they use. Naturally, employees should be trained to recognize such campaigns, and to not open emails from suspicious sources lightly.