Spam is an attack vector to watch out for this holiday season, according to research from a cyber security product company. Spam campaigns disguised as delivery notifications or online shopping invoices have been popular with cyber criminals all year, and F-Secure says these tactics can prove even more effective around the holidays.
F-Secure points to spam as the most common method for cyber criminals to spread malware in 2018, accounting for nine out of every ten infection attempts over the year. Roughly 69 percent of spam campaigns attempted to trick users into visiting malicious URLs and download a malware-laden file or commit another action that results in an infection. Malicious attachments were used in the remaining 31 percent of campaigns. These spam campaigns often use emails spoofing delivery notifications or online purchase invoices to trick users into clicking their malicious links. It’s a tactic that F-Secure Behavioural Science Lead Adam Sheehan says is more effective around the holidays.
Sheehan said: “The kind of spam that criminals use doesn’t seem so spammy to a lot of people this time of year. More people are just more open to the commercial messages spammers like to spoof, which makes individuals more vulnerable at home and at work. Tests we performed using simulated Black Friday and Cyber Monday phishing emails saw about 39 percent more people click than similar tactics we use at other times during the year, which isn’t a trend we like to see.”
The research also found:
· Downloaders/bots/backdoors account for 52 percent of malware delivered through spam, followed by banking trojans (42 percent) and then ransomware (6 percent)
· The Emotet, Trickbot, and Panda banking trojans are the most frequently seen malware families delivered through spam
· The majority of observed spam campaigns target users in the US, EU, Canada, and Japan
· The number of active exploit kits declined from 6 in 2017 to 4 in 2018, and has decreased by 87 percent since 2013
F-Secure Researcher Patricia Revilla-Dacuno adds: “It’s true that we see less ransomware as the main payload in these spam emails, but it’s still frequently delivered as a follow-up payload by backdoors or bots. Infection chains are becoming more complicated and the Emotet banking trojan, which is fairly common, has evolved into a credential stealer and downloader, and now used in different ways for a variety of schemes. A couple of years ago we could have confidently pointed to ransomware as the big issue, but now there’s more of a variety of threats to watch out for.”
