Email Threats: A Thing of the Past?
There is no doubt cybercriminals continue to use personal and rented botnets to pump the Internet full of unwanted advertisements for fake or knock-off products, but spam's effectiveness as a money-making device is dwindling. Now in the cyber underbelly, email has turned from mischievous to outright malicious: campaigns that once used trickery to fool recipients into spending money now simply take it.
Delivery Methods
Today’s cybercriminals employ many email methods to steal money. And since so many people maintain and rely on email accounts, what better place for cyber criminals to target?
Email-borne attacks come in the form of phishing, spear-phishing, trojans, malicious attachments and hidden scripts. Attack techniques are ever-evolving and adapt with technology in an effort to stay ahead of security professionals. This constant game of “cat and mouse” has driven malware authors to become very good at what they do, and has resulted in some very sophisticated code.
In the beginning, a cybercriminal wishing to lure victims to a malicious site first had to set up the site manually and then attract enough visitors before it was shut down. Later, cybercriminals sent trojan horse viruses that pretended to be something of interest to the recipient. It was often the attacker's own job to write the malicious code, send out the emails and maintain the compromised sites. While the trojan approach still lives on, one person no longer needs to possess the entire skill set and all the resources, thanks to underground outsourcing. Today, just about anyone with the desire and wherewithal can assemble an entire cybercrime team and be ready to go within days.
Threat Variants
We have seen millions of variants of email-borne malware, including “Melissa” from 1999. Melissa was dubbed after the author’s love affair with—you guessed it—a woman named Melissa. Purporting to be a Microsoft Word document, Melissa was actually a worm that spread so quickly it caused a massive shutdown, the largest the world had ever seen up until that point.
Fast forward a few years and a massive surge of email-delivered viruses ran rampant with help from Blaster Worm, Sasser, Slammer and an even more destructive and hardy strain named Storm Worm, which had a team of people maintaining its code and its subsequent botnet. Storm Worm's code was so robust that it was one of the most prevalent threats from 2007 to 2010.
In recent years, SpyEye, Zeus and mega botnet Cutwail have also wreaked serious havoc. The point is that the landscape is constantly changing to meet the needs of the attackers, as well as respond to the obstacles the security pros put in their way.
Introducing the Malware Kit
A decade ago, personal gratification may have been realized when spammers successfully executed a mass email attack. But today’s objective is much more sinister and involves money—your money.
Unfortunately, today’s cyberattackers need little training to initiate malicious threats. Once upon a time, technical knowledge was required to create and run malware operations. But today, malware toolkits (‘kits’) are easy to find and use on underground forums.
Malware authors make malware kits to make money. Kits are sold to individuals who have the desire to commit cybercrime, but lack the ability to do so.
Most malware kits are affordable, sometimes hitting the black market for a few thousand dollars each and then dropping to a couple hundred dollars once the newness of a particular brand fades. Some kits even come with a support feature that grants the purchaser access to the kit author, so that any questions about the kit and its proper function can be answered in a timely manner. What's more, some authors offer upgraded versions so that the payloads attached to email campaigns can remain undetected by even the most current antivirus solution, guaranteed.
Kits are often made with novice users in mind. One simply needs to input data (such as a victim's email address), compose a generic email body and specify a destination for the kit to report back to. After that, the user clicks "Go" and the kit does the rest, exploiting vulnerabilities in third-party websites to host the malicious code and to store the newly stolen personal information.
Enter the Breach
Targeted user threats such as the ones discussed above have become almost passé to cybercriminals, who are anxious for a quick score of private personal information in one fell swoop.
It appears that some of the most sought-after targets today are those that house millions of pieces of stored data in one place. Such targets include large department stores, e-commerce warehouses or any large entity that has credit card, password and/or other data stored on servers that potentially lack proper storage security procedures.
The general public is quickly learning the importance of data security. Still, many organizations fail to take heed and find themselves in the middle of a media blitz when consumers discover that their data has been handled in a less-than-savory manner. Such data breaches cost far more in disaster recovery than proper security protocols would have cost had they been in place in the first place.
Vigilance is Key
It may be true that spam is on the decline, but email and the Internet itself have not become less dangerous because of it.
Due to demand and enhanced security, cybercriminals are getting more creative with advanced techniques and are unleashing greater threats. That’s why education and awareness of cyber dangers are needed. After all, complacent individuals often find themselves the next victims.
About the Author
Fred Touchette, CCNA, GSEC, GREM, GPEN, Security+, is a senior security analyst at AppRiver, primarily responsible for evaluating security controls and identifying potential risks. Touchette provides advice, research support, project management services and information security expertise to assist in designing security solutions for new and existing applications.
Guest blogs such as this one are published monthly and are part of Talkin' Cloud's annual platinum sponsorship.