Cloudmark’s Annual Security Threat Report is now available. Through Cloudmark’s unique crowdsourced security platform, which analyses user behaviour from more than 1 billion subscribers and more than 10% of the world’s email traffic, the company is able to detect the largest threats of the year and the impact they will have in 2016.
- 25,000 different malicious Bitly links detected, of which 97% are email spam, damaging brands such as CNN and AOL
- Spammers use this method as an easy way to generate an unlimited number of call-to-action URLs that redirect to a server hosting storefronts and spam content. With so many links within the email messages, spam filtering is challenged to detect them all
- Top brands are suffering – The CNN.it URL shortener was abused, peaking at 8,800 malicious URLs on a single day on 11th Jan 2016.
- Swizzor malware flies under the radar to deliver unsolicited ads, modifying browser settings without user permission
- This silent threat delivers booby-trapped emails to unsuspecting users with varying subject lines such as “you have received a coupon!”
- Each email contains a zip file carrying the malware payload – the malware uses a simple domain generation algorithm (DGA) for command and control (C&C) synchronisation, creating a large number of domains that clash with legitimate websites and make it difficult to have them taken down
- IoT on the hit list for cybercriminals
- As IoT advances and creates more uses for connected devices and intelligence, criminals will find a way to take advantage for malicious purposes
- A home security system could be hacked and instructed to unlock a door to allow a thief to enter – or worse, lock a victim in
- Other examples include spying on conversations and filming people in the privacy of their homes using smart TVs connected to webcams
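The Swizzor bullet above notes that its DGA produces many plausible-looking domains. As an added illustration (not code from the report or from Cloudmark), the snippet below runs two common detection signals over a constructed resolver log: a character-entropy check, which catches random-looking names but not word-based DGA candidates, and an NXDOMAIN burst count per client, which catches the failed lookups a DGA host makes while searching for its live C&C domain. The log format, hosts and domain names are all assumptions made for the example.

```python
import math
from collections import defaultdict

# Constructed resolver log (not from the report): "epoch client qname rcode".
# 10.0.0.9 models a host cycling through word-based DGA candidates.
SAMPLE_LOG = """\
1452470400 10.0.0.5 cnn.com NOERROR
1452470401 10.0.0.5 mail.example.org NOERROR
1452470402 10.0.0.9 bluecoffeetable.com NXDOMAIN
1452470403 10.0.0.9 greenpaperhouse.net NXDOMAIN
1452470404 10.0.0.9 silverroadlamp.com NXDOMAIN
1452470405 10.0.0.9 oldwaterbook.org NXDOMAIN
1452470406 10.0.0.9 fastwindowgarden.com NXDOMAIN
1452470407 10.0.0.9 quietstonebridge.net NOERROR
1452470408 10.0.0.5 aol.com NOERROR
1452470409 10.0.0.5 hostnmae-typo.com NXDOMAIN
1452470410 10.0.0.7 x7q9zk2pwv4hj3tb.com NXDOMAIN
"""

def parse(log):
    """Split log lines into (timestamp, client, qname, rcode) tuples."""
    return [(int(ts), c, q.lower(), r) for ts, c, q, r in
            (line.split() for line in log.splitlines())]

def shannon_entropy(label):
    """Bits per character of the label; random strings score near log2(len)."""
    n = len(label)
    return -sum(k / n * math.log2(k / n) for k in
                {ch: label.count(ch) for ch in set(label)}.values())

def high_entropy_domains(rows, cutoff=3.7):
    """Second-level labels that look random. Misses word-based DGA names."""
    return sorted({q for _, _, q, _ in rows
                   if shannon_entropy(q.split(".")[-2]) >= cutoff})

def nxdomain_bursts(rows, window=60, threshold=4):
    """Clients with >= threshold NXDOMAIN answers inside any window of seconds."""
    per_client = defaultdict(list)
    for ts, client, _, rcode in rows:
        if rcode == "NXDOMAIN":
            per_client[client].append(ts)
    flagged = {}
    for client, times in per_client.items():
        times.sort()
        best = start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window start forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[client] = best
    return flagged
```

On the sample log, only the random-looking name trips the entropy check, while the word-based DGA host is caught solely by its NXDOMAIN burst; a single typo from a normal client stays below the threshold.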
Andrew Conway, Research Analyst at Cloudmark, told IT Security Guru “There’s usually an easy way of updating the software that runs on computers and mobile devices. Sometimes the software updates are automatic and happen in the background, and sometimes you are relentlessly nagged to install the latest release. There’s a good reason for this. Many of those updates are not there to add new features or functionality, they are there to fix bugs that would otherwise leave you vulnerable to attack. In most cases there is no such easy upgrade path for IoT devices. There may not be an upgrade path at all, and if there is it may involve, say, going to the vendor’s website on your computer, downloading new firmware, attaching your computer to the device with a USB cable, and running an installer program on your computer. That is only ever going to happen for a tiny percentage of the devices out there.
This is important because the longer any software goes without updates, the more bugs will have been found in it. Many IoT devices are running some variant of Unix in their embedded software, which means that a single critical bug may render huge numbers of IoT devices vulnerable. Even as I write, sysadmins all around the world are patching their servers for a bug in the GNU C library, which allows remote code execution by a malicious DNS packet. Are IoT devices vulnerable to the same attack? Any that can be tricked into doing an arbitrary DNS lookup may be, and the chances of them getting patched are extremely small.
Recently an engineer at a leading Email Service Provider complained to me that one of their big problems was not spammers trying to abuse their services directly, but spammers compromising their clients’ networks and using trusted devices there to send spam. But the trusted device need not be a computer or mobile device. In one case it was a copy machine.”
Other scams highlighted by the report include:
- 2016 predictions: zero-day exploits will hold seven-figure value; more factories and critical infrastructure will be attacked
- Zero days become so valuable we may see them deliberately introduced by developers – as vulnerability bounties reach six and seven figures, some developers will insert deliberate vulnerabilities so that a friend can claim the bounty
- The government will ruin the UK’s TechCity with legislation – the Investigatory Powers Bill will cause other major Internet companies to follow Yahoo!’s lead and move their operations out of the UK to avoid being subject to this law.
- 91% of firms have experienced a spear phishing attack, costing companies $1.6m annually
- Germany has become the biggest spammer in Europe, sending even more spam email than Russia, India and China