Global Threat Report – mid-year 2013

AppRiver's mid-year edition of its Global Threatscape Report primarily shows the same things getting worse. Spam, which dipped during 2012, is increasing again. "By June," notes AppRiver, "spam traffic has nearly doubled over the total number of spam messages seen in January and is at the highest levels we have seen since November 2011." Europe is the most common source of spam, "driven in large part by the colossal spike in traffic from Belarus."

Java and Flash continue to be the most exploited applications, and Android the most exploited mobile platform. Blackhole remains the most widely used exploit kit, with RedKit gaining ground this year. It all sounds very familiar, but AppRiver does highlight a couple of new trends. First, it warns that Android malware is getting more sophisticated, with malware developers mimicking the methods already tried and tested in the PC world.

"While the majority of mobile malware we have seen emerge in the past have infected users via malicious app install [app repackaging], the infection vectors are now beginning to look more and more like malware we have seen targeting PCs over the years." It gives an example of botnet-based spam messages with a video lure leading to a 'Flash Player Update' message. "Sound familiar?" asks AppRiver. "This is frightening stuff because it takes the tried and true techniques used to infect PCs for many years and puts them in play in the mobile device market."

The second highlight is something AppRiver detected back in January: distributed spam distraction. It is a variant of the DDoS attacks used to distract banks while fraudulent transactions are in progress. In this instance, however, it is directed against the individual account owner. "All of a sudden your inbox begins to fill with hundreds upon thousands of spam emails whose contents are nothing but mash-ups of words and phrases from literature."

After anything between 12 and 24 hours, during which the victim may receive up to 60,000 botnet-delivered meaningless spam messages, it just stops. The purpose is simply to prevent the victim's access to his or her legitimate emails. The attackers have already obtained the victim's bank credentials, and just before they make a fraudulent transaction they flood the victim's inbox. The intention is to hide any transaction confirmation emails sent out by the bank.

If this happens, suggests AppRiver, don't attempt to monitor the inbox but go straight to monitoring your bank account activity, and perhaps warn the bank in advance of a possible fraud. "These fraudulent transactions need to be caught fast," says AppRiver security analyst Fred Touchette, "so that they can be stopped at the financial institution before they're finalized."
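The flood described above has two properties a mail filter can key on: hourly volume far above the mailbox's norm, and nearly every message coming from a different sender. The example below (added here; it is not code from AppRiver or the report) flags such hours on a constructed mailbox and pulls out the messages from a trusted bank sender that arrived during the flood, so they are not buried. The sender address, the 10x-median threshold and the 0.9 distinct-sender ratio are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta
import random

BANK_SENDERS = {"alerts@bank.example.com"}   # assumption: senders that must never be buried


def build_sample_inbox():
    """Constructed mailbox: a quiet day plus a two-hour spam flood hiding one bank alert."""
    random.seed(7)
    day_start = datetime(2013, 6, 10, 8, 0)
    inbox = []
    for hour in range(24):                   # normal traffic: three messages an hour
        for k in range(3):
            inbox.append((day_start + timedelta(hours=hour, minutes=17 * k),
                          "colleague%d@example.org" % k, "meeting notes"))
    words = ["whale", "ahab", "tempest", "prospero", "moor", "gatsby", "quixote"]
    flood_start = day_start + timedelta(hours=14)
    for i in range(600):                     # 600 literary mash-ups from 600 bot senders
        at = flood_start + timedelta(seconds=random.randint(0, 7199))
        inbox.append((at, "bot%d@example.net" % i,
                      " ".join(random.choice(words) for _ in range(4))))
    inbox.append((flood_start + timedelta(minutes=45), "alerts@bank.example.com",
                  "Transfer confirmation: 4,900 USD"))   # the message the flood hides
    inbox.sort()
    return inbox


def _hour(t):
    return t.replace(minute=0, second=0, microsecond=0)


def flood_hours(inbox, factor=10, distinct_ratio=0.9):
    """Hours whose volume is at least `factor` times the median hourly volume and
    whose senders are almost all distinct (a botnet, not one chatty mailing list)."""
    by_hour = Counter(_hour(t) for t, _, _ in inbox)
    senders = {}
    for t, frm, _ in inbox:
        senders.setdefault(_hour(t), set()).add(frm)
    median = sorted(by_hour.values())[len(by_hour) // 2]
    return sorted(h for h, n in by_hour.items()
                  if n >= factor * max(median, 1) and len(senders[h]) / n > distinct_ratio)


def buried_messages(inbox, trusted=BANK_SENDERS):
    """Messages from trusted senders that arrived inside a flood hour."""
    floods = set(flood_hours(inbox))
    return [m for m in inbox if _hour(m[0]) in floods and m[1] in trusted]
```

Surfacing the bank's confirmation during the flood complements, rather than replaces, the advice to watch the account directly.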
