Story image

Something old, nothing new: Cybercrims still rely on spam

06 Aug 18

Cybercriminals may be experimenting with new ways to distribute their wares across the internet, but it turns out they still rely on the same techniques they have been using for decades: spam.

Research from security firm F-Secure found that spam remain the most common way of spreading malware, scams, and malicious URLs, even 40 years since the first email spam was sent.

“Email spam is once again the most popular choice for sending out malware,” comments F-Secure threat intelligence researcher Päivi Tynninen.

“Of the spam samples we’ve seen over spring of 2018, 46% are dating scams, 23% are emails with malicious attachments, and 31% contain links to malicious websites.”

Despite new attack methods, spam has actually become more popular – it still relies on mass email sends that can catch a small number of users.

And there’s even psychology behind it. MWR InfoSecurity behavioural science lead Adam Sheehan says that spam is a successful attack vector. Click rates have increased from 13.4% to 14.2% in the space of six months.

Spam also uses specific psychological tactics to snare as many users as possible.

According to F-Secure, the probability of a recipient opening an email increases 12% if the email claims to come from a known individual.

In addition, if a subject line is free from errors, it improves spam’s success rate by 4.5%

A phishing email states that its call to action that is very urgent gets less traction than when the urgency is implied.

While many people are becoming wise to the dangers of opening suspicious emails and clicking on unsolicited attachments, criminals are branching out and using methods other than attachments.

“Rather than just using malicious attachments, the spam we’re seeing often features a URL that directs you to a harmless site, which then redirects you to site hosting malicious content. The extra hop is an analysis evasion method for keeping the malicious content hosted for as long as possible,” Päivi says.

“And when attachments are used, the criminals often attempt to avoid automatic analysis by asking the user to enter a password featured in the body of the email to open the file.”

 F-Secure shields enterprises and consumers against everything from advanced cyber attacks and data breaches to widespread ransomware infections. Its products are sold all over the world by over 200 broadband and mobile operators and thousands of resellers. The company has also participated in a number of European cybercrime investigations.

London coworking space teams with Global Cyber Alliance
A London-based coworking space is about to become a major cybersecurity innovation hub and a primary UK landing pad for security challenge winners.
Comms providers hit by most DDoS attacks in Q3 2018
New data indicates attackers preyed on the large attack surface of ASN-level communications service providers with a ‘bit-and-piece’ approach.
Check Point launches hyperscale network security solution
With Check Point Maestro, organisations can scale up their existing Check Point security gateways on demand.
Should AI technology determine the necessity for cyber attack responses?
Fujitsu has developed an AI that supposedly automatically determines whether action needs to be taken in response to a cyber attack.
Trend Micro’s telecom security solution certified as VMware-ready
Certification by VMware allows communications service providers who prefer or have already adopted VMware vCloud NFV to add network security services from Trend Micro.
Frost & Sullivan honours Honeywell's IIoT value creation
Frost & Sullivan has awarded Honeywell with the 2018 Global Customer Value Leadership Award for its work protecting industrial internet of things (IIoT) customers.
Top cybersecurity threats of 2019 – Carbon Black
Carbon Black chief cybersecurity officer Tom Kellermann combines his thoughts with those of Carbon Black's threat analysts and security strategists.
Google's €50m fine a wake up call for big data analytics
Data analytics are essential to company growth, competitive differentiation, and innovation. But there’s now a huge challenge.