One in 216 emails in July identified as malicious
Symantec recently released the findings of its July 2012 Symantec.cloud Intelligence Report. The report provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team concerning malware, spam, and other potentially harmful risks.
During the first half of the year, the total number of targeted attacks on a daily basis continued to increase at a minimum rate of 24%, with an average of 151 targeted attacks being blocked each day during May, June and July.
Large enterprises consisting of more than 2,500 employees are still receiving the greatest number of attacks, with an average of 97 being blocked each day.
The July report looked at the numerous Olympic-themed scams and attacks during the course of July and early August. These are not a new phenomenon: similar sporting-themed attacks took place during the 2008 Olympics in Beijing and the 2010 World Cup in South Africa.
However, the social engineering employed in many of these attacks may be unfamiliar to a new audience. The report also looks at the increase in the use of attack toolkits for spreading malicious code. The amount of attack toolkit activity on the threat landscape is now three times the average for the last six months of 2011.
The Symantec.cloud Threat Intelligence Report has discovered and explored some of the major threats that have come to light over the course of the last few months, including, but not limited to, malware, mobile, social and phishing scams.
Even before the Summer Olympic Games began on 27 July 2012, online scammers had already taken the opportunity to target users. To name one example, phishers masqueraded as a MasterCard promotion and created an eye-catching phishing site. The phishing pages, hosted in Brazil, included several fake offers such as “Win Free Trips to the 2012 Summer Olympics in London!” The London Olympics logo was placed at the center of the page and below the logo were images related to the event, including images of the various stadiums. Customers were prompted to participate in the offers by clicking a button labeled “Participate now.” Upon clicking the button, customers would be redirected to the next phishing page, which asked for the user’s confidential information.
In July, attackers were actively using Olympic-related trending topics on Twitter in order to entice people to click on malicious links. The Tweets appear to be generated by bots, with poorly constructed, ambiguous sentences. The shortened URLs lead to fake pages that appear to cover a variety of subjects, including business strategy tips and health-related topics. However, the real purpose of these sites is to spread malware. An attack toolkit is set up on the back-end of the pages and will attempt to install trojan back doors or fake security software on vulnerable computers that visit these Web sites.
There have also been a few instances of spammers attempting to trick users into downloading malware. For example, one spam email Symantec recently encountered includes a link to a website that mimics YouTube.
The video in question purports to be about an Olympic scandal, but instead of playing the video, it tells the user to install a new version of Flash. If the user clicks OK and runs the executable, they will infect the computer with a Trojan.
“Based on the statistics in this edition of the Symantec.cloud Intelligence Report, it is clear that South Africa is no stranger to cyber threats, especially in the case of spam and phishing attacks. One contributing factor to this is the increase in attack toolkit activity on the threat landscape which is now three times the average for the last six months of 2011”, says Mark Smissen, Business Development Manager for Symantec.cloud in South Africa.
“While the appearance and end result of such attacks has remained the same from an end-user point of view, there is a definite shift taking place in terms of how these attack toolkits are set up and administered.”
Best practices to avoid spam and phishing attacks:
· Do not click on suspicious links in email messages
· Never enter personal information in a pop-up page or screen
· When entering personal or financial information, ensure the website is encrypted with an SSL certificate. Look for a padlock, ‘https’, or a green address bar.
· Frequently update your security software, which can protect you from online phishing