Skip to main content

In mobile cyberwar, attackers prefer to phish rather than send malware

After examining half a billion emails sent between January and June, researchers at FireEye revealed that an alarming one out of every 101 emails are malicious, but it’s not just malware that you should be looking out for. While malicious emails can either contain a link to convince you to download harmful software onto your system, attackers can also deceive you into divulging sensitive information through phishing scams.

In fact, 10 percent of all malicious emails sent today contain viruses, worms, ransomware, trojans, spyware, or adware. These emails are classified as malware. However, most emails — an overwhelming 90 percent — are based on social engineering scams, such as spear phishing, impersonation, credential harvesting, or other schemes. The number of non-malware scams has increased by 65 percent year-over-year.

The shift in attack strategy has been largely driven by the adoption of mobile devices. Because most people check their emails on their phones, it’s harder to send a virus that way and attackers are changing their strategy. “With email security solutions focused on detecting malware, cybercriminals are adapting their attacks, exposing organizations to malware-less assaults such as CEO fraud,” FireEye reported.

Researchers noted that it’s easier for hackers to trick their victims into thinking they’re communicating with someone they know with CEO fraud and spear phishing campaigns because “most mobile email clients display only the sender’s name — and not an email address.” By using social engineering, these types of attacks are much easier to carry out against victims using mobile devices. Hackers no longer have to spoof an entire domain name — instead, all they need to do is convince you that you’re communicating with a trusted person, like a boss or CEO, by faking the name displayed in the header of the message.

Though phishing campaigns have been on the rise worldwide, these types of attacks have gained a lot of publicity in the United States since the 2016 presidential election. It’s been reported that a successful phishing attempt gave Russian hackers to approximately 60,000 emails belonging to John Podesta, the campaign chairman of Hillary Clinton. The tactic was also used to breach the network of Sony Picture Entertainment in a highly publicized hack in 2014.

FireEye claims that email is the most popular vector for cyber attacks, and that “91 percent of cybercrime starts with email.”

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
Hackers are infiltrating news websites to spread malware
A black fedora rests on top of newspapers infected with spreading green lines..

Some alarming news broke today that hundreds of U.S. news websites are unwittingly playing a big role in a new malware campaign that's disguised as a Chrome browser update. This is quite a devious attack method since it's considered an important security practice to update your browser as soon as possible.

The way hackers are delivering the malware is also clever. It’s coming via an advertising network that also supplies video content to newspaper websites across the nation. It’s difficult to identify and shut down this attack because it is applied intermittently. According to a tweet by the security research team Threat Insight, the JavaScript code is being changed back and forth from the normal harmless ad delivery script to the one that includes the hacker code that shows a false update alert.

Read more
This new malware is targeting Facebook accounts – make sure yours is safe
Facebook logo appears with a hooded figure over a cracked blue background.

In the ongoing barrage of cyberattacks, Facebook users are being targeted by a new version of the Ducktail malware that originally surfaced in July. The first implementation was specifically aimed at Facebook Business accounts, but it has recently become a more widespread danger.

The latest version of Ducktail collects any and all Facebook data available on an infected computer. If it happens to be a business account, payment methods could be discovered, putting your money at risk. Furthermore, Facebook Business data might include billing information and cycles, which could be used to help disguise unauthorized purchases.

Read more
New COVID-19 phishing emails may steal your business secrets
Woman Checking Her Email

Google Forms are being used as a way to obtain the sensitive information of business owners through COVID-19 phishing emails, according to a new report.

As reported by Bleeping Computer, phishing messages based on COVID-19 have started to become increasingly popular in recent weeks.

Read more