Symantec is warning business executives to be vigilant of social engineering tricks and noted the technical innovation in spam and malware over the last few months in its Symantec Intelligence Report.
The result that really stood out for Symantec.Cloud A/NZ principal systems engineer, Adrian Covich, was the discovery of malicious attacks being launched on organisations such as the Better Business Bureau of the United States and Canada.
“What we saw in this case was that there was attackers pretending to be a government organisation and then targeting business executives to get them to indirectly install viruses on their business machines,” he said.
The unique aspect of this attack was that it targeted executives as opposed to regular consumers that often find themselves the victim of broader attacks that usually just attempt to sell them things.
Spam
The Better Business Bureau attack was different in that it targeted the executives by saying there was a complaint about the business and referring them to a link, which was actually a payload that contained advanced JavaScript that downloaded infected material from a website. “That attack stood out for us, as it shows that a certain demographic is being specifically being targeted, and the level of social engineering is on par with the technical advancement,” Covich said.
While the report confirmed that spam has actually reached record low levels (68%) at the end of 2011, Covich said it is still too early to celebrate the end of junk email.
“While the figures are low, what spammers are attempting to do now with their spam is to make it deeper instead of wider, as was demonstrated in the Better Business Bureau incident,” he said.
“The pray and spray approach of the past is being replaced with a more targeted attack.”
Just because people do not see as much spam now as they did before, Covich warns that the spam of today is becoming smarter and, in turn, more effective in tricking people out of their money.
Email malware
Despite the downward trend for spam, companies such as Symantec still do not expect spam to go away completely, with Covich expecting it to be a part of the internet for “as long as there are cybercriminals out there attempting to make money from people”.
While Covich was unable to provide a future forecast on spam levels, he expects them to continue to “fluctuate slightly” both up and down over the coming months.
Email malware was also found to show a downward trend at the end of 2011, though it showed a slight up-tick at the start of 2012.
“What is remarkable about malware is the innovation taking place than the volume,” Covich said.
He points out that if someone sends out a large amount of email viruses that are caught by filters, then that is not effective, so a lot of malware writers who are “in it for the money” actively look for new way to get viruses to reach peoples’ machines.
“What we’ll see as time goes on is more advanced ways to deliver viruses both on the technical and social engineering sides,” Covich said.
View full post on National Cyber Security » Computer Hacking
