Story image

Something old, nothing new: Cybercrims still rely on spam

06 Aug 2018

Cybercriminals may be experimenting with new ways to distribute their wares across the internet, but it turns out they still rely on the same techniques they have been using for decades: spam.

Research from security firm F-Secure found that spam remain the most common way of spreading malware, scams, and malicious URLs, even 40 years since the first email spam was sent.

“Email spam is once again the most popular choice for sending out malware,” comments F-Secure threat intelligence researcher Päivi Tynninen.

“Of the spam samples we’ve seen over spring of 2018, 46% are dating scams, 23% are emails with malicious attachments, and 31% contain links to malicious websites.”

Despite new attack methods, spam has actually become more popular – it still relies on mass email sends that can catch a small number of users.

And there’s even psychology behind it. MWR InfoSecurity behavioural science lead Adam Sheehan says that spam is a successful attack vector. Click rates have increased from 13.4% to 14.2% in the space of six months.

Spam also uses specific psychological tactics to snare as many users as possible.

According to F-Secure, the probability of a recipient opening an email increases 12% if the email claims to come from a known individual.

In addition, if a subject line is free from errors, it improves spam’s success rate by 4.5%

A phishing email states that its call to action that is very urgent gets less traction than when the urgency is implied.

While many people are becoming wise to the dangers of opening suspicious emails and clicking on unsolicited attachments, criminals are branching out and using methods other than attachments.

“Rather than just using malicious attachments, the spam we’re seeing often features a URL that directs you to a harmless site, which then redirects you to site hosting malicious content. The extra hop is an analysis evasion method for keeping the malicious content hosted for as long as possible,” Päivi says.

“And when attachments are used, the criminals often attempt to avoid automatic analysis by asking the user to enter a password featured in the body of the email to open the file.”

 F-Secure shields enterprises and consumers against everything from advanced cyber attacks and data breaches to widespread ransomware infections. Its products are sold all over the world by over 200 broadband and mobile operators and thousands of resellers. The company has also participated in a number of European cybercrime investigations.

Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.