Exploit This

Security News, Exploits, and Vulnerabilities.

Kaspersky Lab – Beyond Black Friday Threat Report, November 2017

This time of year is an ideal hunting ground for hackers, phishers and malware spreaders; disguising their attacks as offers too good to refuse, a concerned security message from your bank requiring urgent attention, a special rate discount from your credit card service, and more.

Spam and phishing in Q3 2017

In terms of the average share of spam in global email traffic (58.02%), the third quarter of 2017 was almost identical to the previous reporting period: once again growth was slightly more than one percentage point – 1.05 (and 1.07 p.p. in Q2 2017). As in previous quarters, spammers were quick to react to high-profile events and adapted their fraudulent emails to the news agenda.

Spam and phishing in Q2 2017

In Q2 2017, the average share of spam in global email traffic amounted to 56.97%, which was only 1.07 p.p. more than in the previous quarter. One of the most notable events of this quarter – the WannaCry epidemic – did not go unnoticed by spammers: numerous mass mailings contained offers of assistance in combating the ransomware.

Nigerian phishing: Industrial companies under attack

In late 2016, the Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team reported on phishing attacks that were primarily targeting industrial companies from the metallurgy, electric power, construction, engineering and other sectors. As further research demonstrated, this was just part of a bigger story that began much earlier and is unlikely to end any time soon.

Two Tickets as Bait

Over the previous weekend, social networks were hit with a wave of posts that falsely claimed that major airlines were giving away tickets for free. Users from all over the world became involved in this: they published posts that mentioned Emirates, Air France, Aeroflot, S7 Airline, Eva Air, Turkish Airlines, Air Asia, Air India, and other companies.

Clash of Greed

Yet, the more popular game is, the higher the probability that fraudsters will be looking to make a fortune on that popularity by, for example, organizing phishing attacks on the player base. Those phishing attacks, though always quite similar in their nature, are very competently planned.

Spam and phishing in Q1 2017

Although the beginning of Q1 2017 was marked by a decline in the amount of spam in overall global email traffic, in March the situation became more stable, and the average share of spam for the quarter amounted to 55.9%. The US (18.75%) remained the biggest source of spam, followed by Vietnam (7.86%) and China (7.77%).

Personalized Spam and Phishing

Lately we have been noticing an opposite tendency occurring quite often, wherein fraud becomes personalized and spammers invent new methods to persuade the recipient that the message is addressed personally to him. Thus, in the malicious mailing that we discovered last month, spammers used the actual postal addresses of the recipients in messages to make them seem as credible as possible.

Financial cyberthreats in 2016

In 2016 we continued our in-depth research into the financial cyberthreat landscape. We’ve noticed over the last few years that large financial cybercriminal groups have started to concentrate their efforts on targeting large organizations – such as banks, payment processing systems, retailers, hotels and other businesses where POS terminals are widely used.

Spam and phishing in 2016

2016 saw a variety of changes in spam flows, with the increase in the number of malicious mass mailings containing ransomware being the most significant. These programs are readily available on the black market, and in 2017 the volume of malicious spam is unlikely to fall.

%d bloggers like this: