Over the last twelve months, AppRiver quarantined more than 38 billion spam messages, almost double the amount quarantined just two years ago. Of that total, 450 million messages contained viruses.
According to Fred Touchette, AppRiver senior security analyst, phishing techniques showed increasing sophistication. Utilizing both traditional and new techniques, phishing campaigns will be an ever-present trend in 2011.
The following phishing characteristics will continue in the coming months:
Pretending to be a banking institution – Posing as a trusted bank is a tried and true persona for cyber criminals. Unsuspecting online bankers can quickly become victims, especially when a simple e-mail that appears to be from their bank asks them to log in. This essentially hands the bad guys account information.
Activating botnets – Despite the take-down of the Pushdo and Bredolab botnets, the presence of botnets does not appear to be going away any time soon. Underground forums that sell kits, mostly ZeuS-based kits, will enable botnets to continue to spew out spam for the foreseeable future. As a result, the ZeuS botnet remains highly dangerous as it continues to target financial information.
Capitalizing on Facebook and Twitter – Social networking sites are prime locations for cyber criminals to prey on the naïve and unsuspecting. With such a large cross-section of users, the potential for a successful attack is significant.
Targeting mobile devices – The steadily increasing use of mobile devices will increase the likelihood of these devices becoming prime targets for malicious attacks. As evidenced by the attack we saw in late August, cyber criminals showed just how easy it is to create a believable Facebook spam campaign targeting smartphone users.
The chart below represents the number of e-mail viruses seen inbound to AppRiver filters:
Here are some attacks and general themes from the past year:
Here You Have Worm: Due to its propagating nature, this worm spread quickly across the Internet, using a “.scr” extension that has thrown up red flags for the past two decades.
Stuxnet: A calculated cyber warfare attack, Stuxnet made governments realize just how real cyber espionage is. Cyber espionage is likely to increase in frequency as the effectiveness of these attacks becomes clearer. Stuxnet also helped emphasize the importance of implementing patches to keep endpoint security up to date.
Going green: Utilizing targeted spear phishing campaigns, hackers attacked more than 2,000 companies in an attempt to steal carbon credits and resell them for a large profit.
International events: Whether a tragedy, such as the earthquake in Haiti, or a global sporting event, such as the FIFA World Cup, spammers are quick to try to trick e-mail recipients and Web surfers.