Your Emails could be a Door for Malicious Software…

Email Spam and Phishing is certainly not a new concept but, they are becoming more sophisticated. They are increasingly adopting an appearance of something that the recipient is familiar with – appearing like it is from a delivery company, social media contacts, banks, stores etc. The more familiar the content seems to the recipient, the more likely they would open it or click on the links within the email, which could lead to their system being infected.

The purpose of malicious spam is to make money, obtain sensitive information or spread malicious codes. Emails can contain links that would direct the reader to phishing or malware filled websites or they can contain mischievous file attachments – like CryptoLocker which surfaced in 2013.

CryptoLocker is often concealed within a fake delivery note attachment and once opened it would release Trojan RansomWare onto the system, encrypt the victim’s data and sell it back to them! Within a week over 10,000 people fell victim to it and months after its initial debut there are now reports from ThreatPost that it can infect Android devices now (don’t worry you have to download the APK file first!).

Email security is a cause for concern, in the Kaspersky Security Bulletin it suggests Corporations are increasingly falling victim to Cybercrime, 91% of those surveyed fell victim to a cyber-attack at least once in the last 12 months and the top causes included Viruses, Malware, Spam and Phishing. What’s more in 2013 alone Kaspersky Lab products detected a total of almost 3 billion malware attacks on end users computers!

However with the ‘Internet of Things’, where everything is connected, the sophistication of spam, malware and phishing attacks is not just limited to emails and the internet; in January it was found 750,000 spam emails were sent from compromised smart fridges.

Another example would be the US retailer ‘Target’ point-of-sale (POS) system was infected with malware; this caused as many as ‘40 million credit and debit card details and 70 million customers’ personal details stolen in cyber-attack. This POS malware attack caused both financial and brand reputation losses, with consumers avoiding the stores as they are worried causing sales to decline, a prediction of a 2% – 6% decrease for the quarter. Also, whether it is directly related to the data breach or not, Target stated in a press release there will be store closures in May.

Corporate victims of spam, malware, viruses, phishing most often than not, the motive is simple – to obtain business data. Emails are a quick and convenient communication tool and it is often misused as carriers of malicious spam – by having email security solution in place it can lower the risk of these attacks. But there are a lot of choices when it comes to email security in the market so choose carefully. It may seem trivial talking about email security but, emails can potentially be the door to your systems and data for cybercriminals. Be protected!

Advertisements

Malware – The Potential Horrific Consequences

In the Kaspersky Security Bulletin it suggests Corporations are increasingly falling victim to Cybercrime, a whopping 91% of those surveyed by Kaspersky Lab and B2B International  fell victim to a cyber-attack at least once in the last 12 months. The top causes included Viruses, Malware, Spam and Phishing – in 2013 alone Kaspersky Lab products detected almost 3 billion malware attacks on user computers!

Spam and Phishing is certainly not a new concept but, the emails sent are becoming more sophisticated, they are adopting an appearance of something that the recipient is familiar with – appear like it is from a delivery company, social media, stores etc.

Spam can just be a simple form of electronic junk but, it can also be malicious spam with the purpose of either make money, obtain sensitive information or spread malicious codes – like CyptoLocker, which surfaced in 2013, it would encrypt the victim’s data and sell it back to them for monetary gains. It is a Trojan Ransomware distributed through a series of phishing campaigns. The emails imitated well-known delivery companies and financial institution preying, on our trust of these companies and our curiosity to see what the attachment is about. It effected over 12,000 victims within one week and to this day there are still stories of CyptoLocker causing chaos and victims paying to obtain decryption keys for their own data.

The sophistication of spam, malware and phishing attacks is not just limited to emails being sent through a computer – but, in January it was found 750,000 spam emails were sent from compromised smart fridges!

However these fridges were not infected using traditional methods like a Trojan Horse but, most of them have been ‘simply left open, so existing software running on them can be used by attackers’ said a spokesperson for Proofpoint who made the discovery. It would be interesting to know, how many people have smart fridges and how many people would buy one?

The US retailer ‘Target’ would be one of the recent examples of how malware can cause horrific consequences. Target’s point-of-sale (POS) system was infected with malware, causing as many as ‘40 million credit and debit card details and 70 million customers’ personal details being stolen in a cyber-attack!

This POS malware attack has caused financial losses, decrease in brand reputation and consumer confidence. In a recent press release issued by Target due to the attacks they had to reviewed their forecasts, predicting a 2% – 6% decrease in sales for this quarter and whether it is directly related to the data breach or not, Target also stated there will be store closures in May.

Target’s incident shows being a victim can have an impact on profits, consumer confidence and brand reputation. A malware breach on this scale is not something that a company can recover from overnight and it can potentially have long-term implications but, only the coming months will reveal the true scale of the consequences for Target.

The consequences of being victims of spam, malware, viruses and phishing is never a good one. In general the motive is simple – cybercriminals want to obtain business data and make money! So, be vigilant and make sure your systems are protected.

To discuss methods of protection against malicious software contact us today.

CryptoLocker – The New Kid on the Block for Trojan Ransomware

Cryptolocker Trojan Ransomware

Watchout for Cryptolocker! It claimed over 10,000 victims within a week.

CryptoLockerA new variant of Trojan Ransomware has recently appeared in the world of cybercrime; but, it is not just a typical piece of RansomWare

When it infects a system it would encrypt your data using a strong cryptography and the cybercriminals will hold the users’ data hostage until a ransom is paid. The users are usually infected by an email with an attach .exe file and when opened, it will execute scripts to encrypt all the users’ data. It has been reported the ransom demands are for either $300 US dollars or Bitcoins. However,  there is no guarantee the decryption of the data will occur after the ransom is paid.

CryptoLocker is spreading fast in phishing campaigns and it has been reported it can be sent as a fake delivery notification or an email from a financial institution.

According to Kaspersky’s Costin Raiu the primary target for this Trojan Ransomware is ‘US and UK, with India, Canada, Australia and France being second-tier targets’ and the National Crime Agency (NCA) in a recent BBC article said ‘Small to medium businesses seem to be the target’ and there are ‘significant risks’.

Protect yourself

It is important to have anti-virus protection in general but with over 10,000 people falling victim to CryptoLocker within a week, it further highlights the need to have a good level of IT security in place. But this is usually not the case, as anti-virus is often considered after one becomes a victim.

From a B2B perspective it is always suggested to have a layered approach to IT security i.e. having a firewall, anti-virus, endpoint security, email security products to limit inbound email threats. From personal use perspective having anti-virus in place is essential.

Email Security products such as NetMail will help protect users’ from this type of trojan by blocking .exe files as a rule. However, CryptoLocker can also infect systems via physical media, websites etc so, anti-virus and malware detectors are essential, to help create a strong defence to keep those criminals off your devices and networks.

So be extra careful and do not open those .exe files unless you know exactly who it is from.

Contact us today to find out more about IT Security and how we can help protect your business.