IT Security Guru

Report – JavaScript attachments lead an explosion of malicious message volume

by The Gurus
July 26, 2016
in Editor's News

Proofpoint has today published its Quarterly Threat Report, which analyses attacks across email, mobile and social over the last three months.
The first five months of 2016 were dominated by malicious email campaigns of unprecedented volume. New ransomware variants emerged quickly. Meanwhile, Dridex actors began distributing Locky ransomware and repeatedly shifted tactics with new loaders, document attachment types, and obfuscation techniques to evade detection.
Then at the end of May, one of the largest botnets in the world – the so-called Necurs botnet – suddenly went dark. The change brought Dridex and Locky distribution to a near halt. At the same time, the hugely popular Angler exploit kit (EK)—an all-in-one toolkit that largely automates web-based cyber attacks—went silent. Together, these shifts led to an eerily quiet June.
Even as these changes rippled through the industry, social media threats such as fraudulent customer service accounts continued to proliferate. Mobile threats also targeted multiple vulnerabilities and the mobile space looked increasingly like the desktop space, complete with exploit kits and adware.
Below are key takeaways from the second quarter of 2016.
Key Takeaways

  • JavaScript attachments led an explosion of malicious message volume – 230% quarter over quarter. Many Locky and Dridex actors turned to JavaScript files attached to email messages to install payloads. These attacks were among the largest campaigns we have ever observed, peaking at hundreds of millions of messages a day.
  • Locky dominated email, while CryptXXX dominated EK traffic. Among email attacks that used malicious document attachments, 69% featured the new Locky ransomware in Q2, versus 24% in Q1. That surge propelled Locky into the top spot for email-based malware, displacing Dridex. CryptXXX appeared on the scene in Q2 and quickly dominated the EK landscape. Overall, the number of new ransomware variants (most distributed by EKs) grew by a factor of 5 to 6 since Q4 2015.
  • Threat actors conducted highly personalized campaigns at scales of tens to hundreds of thousands of messages. This is a change from the much smaller campaigns that have used personalized and targeted lures in the past.
  • Business email compromise (BEC) attempts continued to evolve. Attackers changed lures based on seasonal events such as tax reporting. They also varied their approaches to increase the effectiveness and scale of the attacks.
  • EK traffic we observed dropped by 96% between April and mid-June. The Necurs botnet went offline in June, silencing the massive Locky and Dridex campaigns that defined the first half of 2016. Traffic from the Angler EK had completely disappeared by early June, shortly after the Nuclear EK had shuttered operations. That left Neutrino as the top EK by the end of June.
  • By the end of June, the first large Locky email campaigns were beginning again with all signs pointing to a return of the Necurs botnet. It remains to be seen how the EK landscape will shake out over the next quarter.
  • As many as 10 million Android devices were compromised by EKs. The EKs targeted multiple vulnerabilities that let attackers take control of the devices. In most cases this control was used to download adware that generated profits for threat actors.
  • 98% of mobile malware is still associated with the Android platform. This proportion is holding steady from last quarter.
  • Social media phishing attempts rose by 150%. Organizations continued to cope with spam, adult content, and other issues that overwhelmed their ability to resolve them manually.

Read the full Q2 Threat Summary.
