https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

From the Industry


Email Threats: A Thing of the Past?

  • Written by AppRiver Guest Blog 2_3
  • June 12, 2014

There is no doubt cybercriminals continue to use personal and rented botnets to pump the Internet full of unwanted advertisements for fake or knock-off products, but its effectiveness as a money-making device is dwindling. Now in the cyber underbelly, email has turned from mischievous to outright malicious, with campaigns once utilizing trickery to fool recipients into spending money to simply taking it.

There is no doubt cybercriminals continue to use personal and rented botnets to pump the Internet full of unwanted advertisements for fake or knock-off products, but its effectiveness as a money-making device is dwindling. Now in the cyber underbelly, email has turned from mischievous to outright malicious, with campaigns once utilizing trickery to fool recipients into spending money to simply taking it.  

Delivery Methods

Today’s cybercriminals employ many email methods to steal money. And since so many people maintain and rely on email accounts, what better place for cyber criminals to target?

Email-borne attacks come in the form of phishing, spear-phishing, trojans, malicious attachments and hidden scripts. Attack techniques are ever-evolving and adapt with technology in an effort to stay ahead of security professionals. This constant game of “cat and mouse” has driven malware authors to become very good at what they do, and has resulted in some very sophisticated code.

In the beginning, cybercriminals wishing to lure victims to a malicious site first would manually set up the site and then attract enough people to that site before it was shut down. Later, cybercriminals sent trojan horse viruses that pretended to be something of interest to the receiving party. It was often the attacker’s job to write the malicious code, send out emails and maintain compromised sites. While the trojan approach still lives on, the need for one person to maintain the prerequisite skill set and personal resources is no  longer necessary, thanks to underground outsourcing. Today, just about anyone with the desire and wherewithal can assemble an entire cybercrime team and be ready to go within days.

Threat Variants

We have seen millions of variants of email-borne malware, including “Melissa” from 1999.  Melissa was dubbed after the author’s love affair with—you guessed it—a woman named Melissa. Purporting to be a Microsoft Word document, Melissa was actually a worm that spread so quickly it caused a massive shutdown, the largest the world had ever seen up until that point.

Fast forward a few years and a massive surge of email-delivered viruses ran rampant with help from Blaster Worm, Sasser, Slammer and an even more destructive and hearty strain named Storm Worm, which had a team of people maintaining its code and its subsequent botnet. Storm Worm’s code was so strong that it was one the most prevalent threats from 2007 to 2010.

In recent years, SpyEye, Zeus and mega botnet Cutwail have also wreaked serious havoc. The point is that the landscape is constantly changing to meet the needs of the attackers, as well as respond to the obstacles the security pros put in their way.

Introducing the Malware Kit

A decade ago, personal gratification may have been realized when spammers successfully executed a mass email attack. But today’s objective is much more sinister and involves money—your money.

Unfortunately, today’s cyberattackers need little training to initiate malicious threats. Once upon a time, technical knowledge was required to create and run malware operations. But today, malware toolkits (‘kits’) are easy to find and use on underground forums.

Malware authors make malware kits to make money. Kits are sold to individuals who have the desire to commit cybercrime, but lack the ability to do so.

Most malware kits are affordable, sometimes hitting the black market for a few thousand dollars each and then drop down to a couple hundred dollars once the newness of a particular brand fades. Some kits even come with the added benefit of a support feature that grants the purchaser access to the kit author so that any questions related to the kit and its proper function can be answered in a timely manner. What’s more, some authors offer upgrade versions so that their payloads attached to email campaigns can remain undetected by even the most current antivirus solution, guaranteed.

Kits are often made with novice users in mind. One simply needs to input data (such as a victim’s email address), compose a generic email body and give it a destination to report back to. After that, the user clicks, “Go” and the kit will do everything by exploiting vulnerabilities in other websites on which to host malicious code and a place to store their newly obtained stolen private personal information.

Enter the Breach

Targeted user threats such as the ones discussed above have become almost passé to cybercriminals, who are anxious for a quick score of private personal information in one fell swoop.

It appears that some of the most sought-after targets today are those that house millions of pieces of stored data in one place. Such targets include large department stores, e-commerce warehouses or any large entity that has credit card, password and/or other data stored on servers that potentially lack proper storage security procedures.

The general public is quickly learning the importance of data security. Still, many organizations fail to take heed and find themselves in the middle of a media blitz when consumers discover that their data has been handled in less-than-savory manners. Such data breaches cost much more in disaster recovery than they would have if proper security protocol was in place in the first place.

Vigilance is Key

It may be true that spam is on the decline, but email and the Internet itself has not become less dangerous because of it.

Due to demand and enhanced security, cybercriminals are getting more creative with advanced techniques and are unleashing greater threats. That’s why education and awareness of cyber dangers are needed. After all, complacent individuals often find themselves the next victims.

About the Author

Fred Touchette, CCNA, GSEC, GREM, GPEN, Security+, is a senior security analyst at AppRiver, primarily responsible for evaluating security controls and identifying potential risks. Touchette provides advice, research support, project management services and information security expertise to assist in designing security solutions for new and existing applications.

Guest blogs such as this one are published monthly and are part of Talkin' Cloud's annual platinum sponsorship.

Tags: Cloud Service Providers Digital Service Providers MSPs VARs/SIs From the Industry

Related


  • Ransomware and malware
    Help Your Customers Mitigate Malware: Viruses, Worms, and Trojans…Oh My!
    With the right antivirus protection, your customers can better detect and prevent the spread of malware.
  • SMB cybersecurity
    SMBs’ Cybersecurity Risk Awareness Is Rising
    The majority of SMBs would switch MSPs for the right cybersecurity support.
  • cloud data
    Your Cloud Data Is Protected, But Is It Portable?
    Why flexibility and containerization are the new must-haves for cloud data.
  • office 365
    How to Improve First Call Resolution with Microsoft Office 365 Service Tickets
    Here are some tools and strategies for improving the rate of FCR with Office 365 service tickets.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • 2021 Trends: Set the Stage for a Successful 2021
  • Top 4 Benefits of an RMM System
  • Rethink Endpoint Protection in 2021
  • 2020: The Year of the Triple

Galleries

View all

New, Changing Partner Programs: AWS, Tech Data, Avaya, Verizon

January 11, 2021

Industry Perspectives

View all

The Importance of Being Security-Centric

January 22, 2021

Cyberattacks: Threat Hunters Conquer Unpredictability with 3 Measures

January 21, 2021

The Right Data Migration Tool Helps Schools Move to Cloud During COVID Crisis

January 19, 2021

Webinars

View all

Who’s Behind the Mask? Hacker Personas Explained

January 26, 2021

Your Network Perimeter Has Changed

February 18, 2021

How Managed Hosting Providers Thrive with the Alternative Cloud

February 24, 2021

White Papers

View all

Why Subscription Business Model

January 15, 2021

The Ultimate MSP Guide to Sales Efficiency

January 14, 2021

Eight Reasons Why MSPs Need IT Industry-Specific Sales Tools

January 14, 2021

Upcoming Events

View all

Channel Partners Virtual

March 2, 2021 - March 4, 2021

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

.@exabeam, @VulcanCyber, @ntti3, @Vectra_AI, @Lookout and @valtixinc give high marks to @POTUS' federal… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

Judge sides with @AWScloud against #Parler; @SADAsystems gets AI-centric board member; @EnsonoIT, @navisite get… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

2021 may be the year of the #security-centric #MSP @BarracudaMSP #remoteworking #ITsecurity #dataprotection #RMM… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

Adding #AIOps and #AI-driven WANs will help IT administrators move forward, says @MistSystems.… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

Microsoft taps @tybryson as corporate VP @msuspartner group @julwhite heading to SAP, @anderson to @Qualtrics.… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

#MSPs can inject predictability into #threathunting @Sophos #cybersecurity #ransomware dlvr.it/Rr4ffV https://t.co/Bztc2Yxwvc

January 22, 2021
ChannelFutures

.@RiskBased report shows decrease in #databreaches, jump in exposed records in 2020. dlvr.it/Rr4fcW https://t.co/PYiDMiJFbt

January 22, 2021
ChannelFutures

Legal experts say @VMware's #lawsuit against @nutanix's new CEO holds little weight. dlvr.it/Rr48FJ https://t.co/oLxPhgvgAt

January 21, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X