Highly targeted senior management email attacks with increased sophistication

(28/09/2007)

According to the latest MessageLabs Intelligence Report for September and 3rd quarter of 2007, virus and phishing levels have significantly increased, reaching levels not seen since early 2006. In addition, MessageLabs exposes a second wave of highly targeted C-level and senior management email attacks with increased sophistication and outreach.

With a virus threat now incorporated within every 48 emails, cyber-criminals are steering away from using the more obvious attachment method of distribution and favoring the use of links to malicious websites hosting malware code. This technique, which increased in popularity by approximately 15 percent this quarter, enables social engineering-based attacks such as e-postcards to be utilized.

Mirroring the recent resurgence in virus attacks, the volume of phishing threats has also reached exponential levels this month with every 87 emails comprising of a phishing attack. Through the increased availability of phishing kits and the uptake of aggressive phishing techniques such as ‘rock’ phishing, the quantity and severity of these attacks are able to increase dramatically. ‘Rock’ phishing utilized a phishing kit which enables a single compromised computer within a botnet to host multiple phishing sites at the same time.

September is not just the month of mass-outreach attacks, the highly targeted approach is still rife. On September 12, more than 1,100 C-level and senior management executives became the target of another attack, thought to be from the same perpetrators of the June 26 C-level assault. With increased sophistication, the emails, which purport to be from a recruitment company, use a Microsoft error message to persuade the victims to click on the RFT attachment. Once opened, the RFT file contains an executable which drops two files onto the computer which in turn will be used to pass sensitive information back to the attacker.

Other report highlights:

Web Security: Analysis shows that 73.8 percent of the malware intercepted in September was new. Analysis of policy-based traffic highlighted that corporate tolerance of social networking sites is diminishing with Facebook being the most blocked site within the Personal’s and Dating category for SMBs and Friends Reunited top of the same category for the Enterprise.

Spam: In September, the global ratio of spam in email traffic from new and unknown bad sources, for which the recipient addresses were deemed valid, was 73.5 percent, a decrease of 0.5 percent on the previous month. When reviewing the overall spam rates on a quarterly basis, a drop of 0.9 percent was observed since Q2 2007.

Viruses: This month, the global ratio of viruses in email traffic from new and previously unknown bad sources destined for valid recipients was 1 in 48.8 emails (2.05 percent), an increase of 0.8 percent since last month. Virus and trojan levels have declined steadily since 2006, with the Q3 2007 rates of 1 in 67.2 emails being the highest quarterly level since Q2 2006.

Phishing: With an increase of 0.6 percent, one in 87.2 emails comprises of some form of phishing attack in September, the highest level to date. When judged as a proportion of all email-borne threats such as viruses and trojans, the number of phishing emails has risen by 9.7 percent to 56.0 percent of the malware threats intercepted in September. Over the last quarter, phishing rates have increased from 1 in 232.0 to 1 in 124.3.

Geographical Trends:

· Israel continued to have the highest spam rate this month with 73.8 percent. Hong Kong was the second most highly spammed country registering a 6.6 percent increase in spam since August.

· Japan had the lowest spam rate with 27.1 percent. Germany also saw a sharp decrease of 10.2 percent in spam rates in the last month, marking a quarterly decline of 6.63 percent

· India still remains the region most affected by viruses with 1 in 53 emails containing a virus. The largest rise in virus activity was observed in the Netherlands where levels rose by 0.2 percent, from 1 in 750.1 emails in August to 1 in 303.3 emails in September.

Vertical Trends:

· The Agriculture sector is still ranked the most spammed sector with 67.8 percent, marking a slight increase of 0.9 percent from the previous month. Over the previous quarter this marks a continued increase of 7.36 percent.

· Despite an increase of 3.3 percent, Finance remains the least spammed sector; this is reflected in a large quarterly decrease of 11.13 percent.

· Since rising to the top of the virus chart in August, the education sector continues to retain its position, with an increase of 0.25 percent in September.

· In contrast to being the most spammed, Agriculture is the sector least affected by viruses with a further drop of 0.2 percent in September contributing to a quarterly drop of 0.28 percent.

“The start of the new school year seemed to bring back an increase in old-school threats and in high volumes. With email more ubiquitous than the telephone and one in 48 emails containing a virus, most people are unwittingly receiving more than one virus a day,” said Mark Sunner, Chief Security Analyst, MessageLabs.

“As we enter the last quarter of 2007 and draw closer to the holiday season, the bad guys will be provided opportunity to disguise their attacks through the increase in genuine well-wishing emails and the anticipated upsurge in online shopping traffic. In addition, with the incessant rise of comprised machines through aggressive botnet activity, further spam level increases are anticipated.”

Related topics:  Hacking and intrusion prevention   Internet and Web security   Security threats and vulnerabilities   Virus, Worm, Email security, spyware and malware 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources