Express shipping tops the list of malicious phishing terms

According to FireEye research, cybercriminals use a variety of techniques to create a sense of urgency and trick unsuspecting recipients into downloading malicious files. Express shipping terms, including words like “DHL,” “UPS,” and “delivery,” appear in about one quarter of the email-based attacks that evade traditional IT security defenses. A typical example of a malicious attachment might look like “UPS-Delivery-Confirmation-Alert_April-2012.zip.”

The report highlights that cybercriminals primarily use zip files in order to hide malicious code, but PDFs and executable files show up from time to time as well.

Other findings from the report: urgent terms such as “notification” and “alert” are found in about 10% of attacks. Cybercriminals also tend to use finance-related words whenever possible, such as the name of a financial institution paired with an associated transaction (for example, “Lloyds TSB - Login Form.html”), and tax-related words, such as “Tax_Refund.zip.”

Travel and billing words are also popular, including “American Airlines ticket” and “invoice.”

According to recent data from the FireEye Advanced Threat Report, email-based attacks increased 56% in the first six months of 2012. These attacks bypass traditional signature-based security defenses, preying instead on naïve users to install malicious files.

“Cybercriminals continue to evolve and refine their attack tactics to evade detection and use techniques that work; spear-phishing emails are on the rise because they work,” said Ashar Aziz, founder and CEO at FireEye. “Signature-based detection is ineffective against these constantly changing advanced attacks, so IT security departments need to add a layer of advanced threat protection to their security defenses.”

Further, think before you click next time you receive a link from a Twitter follower. FireEye noted that phishing emails and links are particularly effective when cybercriminals use information from social networking sites to personalize emails and make them look mostly authentic. When unsuspecting users respond, they may inadvertently download malicious files or click on malicious links in the email, allowing criminal access to corporate networks and the potential exfiltration of intellectual property, customer information, and other valuable corporate assets.
