Email Attackers Switch to ‘Blitzkrieg’ Tactics to Maximize Impact

Cybercriminals are maturing their “weaponization” of email-borne attacks, with sophisticated malware and “blitzkrieg” attacks designed to steal personal information, extort money and destroy trust between business and customer, according to email security firm Agari.

In order to compile its Q1 2014 Email TrustIndex, the vendor looked at the email sending domains of a wide range of companies in various sectors and analyzed their implementation of email authentication standards such as SPF, DKIM and DMARC.
From this it derives a “TrustScore” of between 5 and 100.
It also calculated the volume of spam and malicious emails sent by cyber criminals purporting to be various companies in order to calculate a relative ThreatScore.
E-tailers and social companies came out top in Q1 regarding their TrustScores, while healthcare, retail, airlines and many banks were described as laggards.
Financial institutions – classed as “Mega Banks” and “Large Banks - Europe” – also came out top of the ThreatScore charts.
European banks in particular are some way behind their US counterparts, according to Agari CEO Patrick Peterson.
“We’ve got to get European banks caught up when it comes to consumer protection,” he told Infosecurity. “The TrustIndex shows that many of them are still easy targets.”
Peterson also claimed that email-borne phishing attacks are increasingly featuring malicious URLs and attachments designed to insert malware such as the ransomware Trojan Cryptolocker or the sophisticated password-stealing ZeuS variant Gameover.
“Their investment in weaponization has reached a new level and a lot of this new sophisticated malware is delivered over email,” he argued.
The past quarter has also seen cyber attack campaigns undergo “an aggressive shift to blitzkrieg tactics”, according to Peterson.
Traditionally, cyber criminals have looked to keep their email campaigns going for as long as possible, under the radar. However, Agari is now seeing sudden spikes in activity as they briefly come out into the open, firing out as many malicious emails as possible before security vendors can mitigate the threat.
Such an attack could see as many as 12 million malicious emails from a particular source sent over a six-hour period.
“The goal is a sneak attack,” said Peterson. “[Attack] the hell out of the victims and then go away for days or weeks … Most of the weaponized attacks we see are following that pattern.”
