Spam News

Privileged Account Hacking: A Worrying New Hacking Trend

by G Hunt | December 3, 2015 | Spam News

A recent study conducted by CyberArk has revealed that enterprises now face a high level of risk of privileged account hacking. In fact, the majority of enterprises are at risk of being hacked. Many companies are underestimating the risk, although IT professionals have long been aware of the danger of privileged account hacking.

The study suggests 88% of enterprise networks are susceptible to attack. A complete compromise of the corporate network is possible via 40% of Windows machines. The researchers predict that all it would usually take is for one privileged account to be hacked to allow the attackers to gain access to most accounts and systems. The researchers also determined that any enterprise that has Windows hosts is susceptible to attack via privileged account hacking.

To produce the report “Analyzing Real-World Exposure to Windows Credential Theft Attacks” CyberArk surveyed 51 organizations of varying sizes to determine the level of risk faced from privileged account hacking and the extent to which networks could be compromised should hackers manage to gain access to super-user and/or service accounts.

The results of the survey paint an incredibly worrying picture. The hacking of privileged accounts is not just a problem that must be dealt with by large corporations. Small to medium-sized businesses are also being targeted. Hackers are gaining access to their systems and are using them to launch attacks on their supply chain partners.

The privileged account hacking risk is often underestimated

Many organizations are not even aware how substantial the privileged account hacking risk is. An organization employing 500 individuals may have 1500 or more privileged accounts according to the researchers. The risk of attack is greatest with servers and lower with workstations. This is because servers can be used to gain access to a much wider range of systems and data than workstations. If any one server is compromised, attackers can use that machine for privileged account hacking and can gain access to many other Windows hosts on the network.

Attackers have months to analyze the network infrastructure and exfiltrate data

Mandiant recently estimated the median number of days for enterprises to discover their networks have been compromised is 229 days. The latest report from CyberArk also suggests a similar timescale for detection – placing the time frame at between 6 to 8 months. Once attackers have gained access to a network, they are exceptionally good at hiding and covering their tracks, and have months to browse the network.

How are hackers gaining access to privileged account login credentials?

In many cases, user credentials are stolen via phishing campaigns. Oftentimes, the attacks are highly sophisticated and highly targeted. Individual users are selected and a campaign is developed to fool them into visiting a malicious website and downloading malware or opening an infected email attachment.

Information about the target is obtained via social media networks such as Facebook, Twitter, or LinkedIn. Their contacts are identified, and a phishing email is either sent from a hacked colleagues account or is masked to make it appear that it has been sent from a trusted individual.

All too often a sophisticated attack is not necessary. If malware can be installed on just one single computer, shared-privilege accounts can be used to gain access to a wide range of systems.

What can enterprises do to protect their networks from privileged account hacking?

Protecting against the hacking of privileged accounts is difficult. It is not possible to eliminate privileged accounts as they essential to the functioning of the business. Since these accounts cannot be eliminated, efforts must be made to make accounts more secure. Unfortunately, the management of privileged accounts is complicated and is difficult to automate.

A survey recently conducted by Dimensional Research/Dell highlights the extent of the current problem. 560 IT professionals were asked about privileged access management and 41% revealed that they did not use any software at all or rely on Excel or other spreadsheet software packages to manage their accounts.

Fewer than half of respondents did not log or monitor privileged account access. 23% did not have a defined account management process. 28% did not have a defined process for changing default passwords on new equipment and software. Passwords were also found not to be changed frequently. Only a quarter of organizations changed admin passwords every month.

Make it harder for networks to be compromised by privileged account hacks

In order to improve security and prevent  the hacking of privileged accounts, IT professionals should:

• Develop a defined process for managing privileged accounts
• Conduct a full audit of the network to locate all privileged accounts
• Ensure all passwords are unique, complex, and very difficult to guess
• Monitor and audit account passwords
• Use different passwords for different systems
• Change default passwords on all new devices and software
• Change passwords at least once a month
• Implement an automated solution to manage privileged accounts
• Ensure that a full risk assessment is conducted and any security holes are plugged rapidly (Hours rather than weeks or months)
• Conduct an audit of all suppliers and business partners to ensure they have sufficient security in place
• Implement solutions to protect users from phishing and spear phishing attacks, such as anti-spam software with anti-phishing controls
• Implement a web filter to reduce the probability of a user downloading malware to the network from malicious websites.

Fail to secure your login credentials, and privileged account hacking will not be only be a risk; it will be a reality.

Cryptowall 3 Ransomware Rakes in Millions

by G Hunt | November 27, 2015 | Spam News

Cryptowall 3 ransomware is the latest incarnation of the Trojan that first appeared in the latter half of 2014. This variant was discovered earlier this year and it has been used to extort millions out of individuals and businesses.

The threat from ransomware is growing

Ransomware infections have been reported much more frequently in recent months. A fortune has already been spent undoing the damage caused. Unfortunately, since the malware is evolving, it can be difficult to block.

Cryptowall 3 ransomware is very similar to previous incarnations and operates in a very similar fashion. The problem is that the algorithm it uses to obfuscate the dropper, which is applied three times, differs from Cryptowall 2. This makes it harder to identify.

Cryptowall 3 ransomware employs multiple dropper files and contains a number of different exploits. Once initiated, code is injected into a new explorer.exe process which installs the malware while disabling system protections. Malicious code is then hidden in a new SVChost.exe process.

The malware collects a considerable amount of data from the host computer, obtains an external IP address, establishes a connection, and registers the machine with the hacker’s command and control center. A POST request is made and the main Cryptowall 3 thread is initiated.

Cryptowall 3 ransomware subsequently encrypts certain file types on mounted network drives and local drives using public-key cryptography. The key to unlock the encryption is only stored on the hacker’s server. The victim is then advised to pay a ransom to have the infection removed and files unlocked. Failure to respond will see files locked forever or permanently deleted.

Cryptowall 3 ransomware is spread via email spam

Cryptowall 3 ransomware is primarily, but not exclusively, spread via spam email. The email contains a zip file attachment which houses an executable file. If the executable file is run, it installs the malware on the host computer. Videos, text files, and images files are then encrypted with its RSA2048 algorithm. Users often have files created on the desktop instructing them how to unencrypt their computer. Once infected, users are given approximately 7 days to pay the ransom, which is commonly $500 in the form of Bitcoins (2.17).

There is no guarantee that payment will result in the encryption being removed, although oftentimes it is. Payment certainly does not mean all traces of the malware will be removed from the infected machine. Users are often allowed to decrypt certain files to prove that the criminals behind the campaign can actually make good on their promise.

Victims are usually given little alternative but to give into the hacker’s demands, unless they want to lose all the files that have been encrypted.

Millions have been obtained from Cryptowall 3 ransomware infections

Cryptowall 3 ransomware has spread rapidly and the malware has already claimed tens of thousands of victims. The malware was only discovered in January 2015, yet already the criminals behind the infections have managed to obtain an estimated $325 million in ransoms according to Cyber Threat Alliance (CTA) figures. The ransoms have been tracked via Bitcoin payments, although the system used to assess criminals’ profits is somewhat unreliable. The figure of $325 million has been confirmed, but the total profits from Cryptowall 3 ransomware infections could well be double that total.

Cryptowall 3 ransomware infections usually start with a phishing campaign. The phishing campaigns usually contain an attachment with an innocent looking name, such as “invoice” or “fax”.

Drive-by attacks have been known to install the malware. These take advantage of security vulnerabilities in browser plugins. Exploit kits such as Angler are also used.

Fortunately, it is possible to train employees to be more cautious and not to open file attachments sent from unknown individuals. However, the emails may appear to have been sent by a friend, relative, or colleague inside their company.

Training should be provided to employees and company-wide warnings issued. However, the best defense is to prevent the ransomware from being delivered to inboxes. If SpamTitan Anti-Spam solutions are implemented, Cryptowall 3 ransomware email spam will be blocked and quarantined. End users will then be prevented from accidentally installing the malware.

Electronic Frontier Foundation Phishing Website Taken Down

by G Hunt | November 18, 2015 | Spam News

Cybercriminals are using SSL certificates installed on fake domains to fool users into thinking that the websites are genuine. The websites often use names that closely resemble a well-known brand. We have previously reported that criminals have been using domains containing typos to obtain website traffic and fool the unwary; however, it is also common for domains to be purchased using a well-known company name with additional words added to the end.

Because the websites contain the brand name, many visitors will be fooled into thinking that the websites are genuine. This is even more likely if a website has a valid SSL certificate and displays a padlock next to the URL. This is seen as a sign by many consumers that the website is real. A SSL certificate can no longer be trusted. It is only one indication that a website is genuine. Many new websites are offered a free SSL certificate.

Electronic Frontier Foundation phishing scam brought to an end

One website that has been fooling visitors into thinking the site was official is believed to have been set up by the cybercriminals behind the Pawn Storm phishing campaign: A group of hackers known as APT28. The group, which has links to the Russian government, used the brand name of the Electronic Frontier Foundation as part of a phishing campaign.

The Electronic Frontier Foundation phishing campaign used a .org website with the domain name, ElectronicFrontierFoundation. The official site used by the company is also a .org, but just uses the company’s initials: EFF.

The Electronic Frontier Foundation phishing site was not used to obtain bank account or credit card details, instead it was used to spread malware. The fake site was discovered to contain malware that exploited a zero-day vulnerability in Java software.

Electronic Frontier Foundation was alerted to the existence of the website and issued a complaint to the UN’s World Intellectual Property Organization (WIPO) – an organization that helps protect the intellectual property rights of corporations. After assessing the compliant, WIPO ruled that Electronic Frontier Foundation was entitled to take control of the domain, which has been ordered to be transferred to the non-profit digital rights group. Once that happens, the site will no longer pose a threat and ownership will be transferred from an individual based in Bali, Indonesia.

Organizations believing their copyright has been infringed can attempt to claim a registered domain by following the Uniform Domain-Name Dispute-Resolution Policy (UDRP) set up by ICANN. However, it can take a long time for the process to be completed. All the time that a fake domain is active it can result in a loss of income for the company concerned. Many customers or potential customers could have malware installed or be defrauded until the matter has been addressed and ownership of the website transferred.

In a case such as this, the domain name and SSL certificate made the website appear 100% legitimate, which no doubt resulted in many people having their computers infected with the malware.

BELCO Email Scam Warning: Bermuda Electricity Company Customers Targeted with Ransomware

by G Hunt | November 10, 2015 | Spam News

Bermuda residents and holiday home owners have been put on high alert after a new BELCO email scam has been uncovered. A warning has now been issued by the company after some customers were targeted by scammers and were sent malware-infected emails from the company’s email domain.

BELCO, the Bermuda Electric Light Company Limited, supplies electricity to homes in Bermuda and is the only supplier in the British Overseas Territory. All individuals who own or rent a property on the islands are at risk of receiving a spam email that could potentially infect their computer, mobile phone, tablet or laptop with malware.

The type of malware sent in the spam emails is a form of ransomware. This type of malware is particularly nasty as it will allow the perpetrators of the campaign to lock files on an infected computer and potentially also on a business network to which the device connects. The malware delivered in the BELCO email scam can also cause corruption of computer files. The criminals behind the campaigns have designed the malware to give victims little choice but to pay the ransom.

Critical files are encrypted via the ransomware to prevent the user from gaining access. The only way of regaining access to the files is by restoring them from a backup or by paying a ransom to the criminals behind the campaign. Once a ransom has been paid, the criminals behind the BELCO malware attack will supply a security key that can be used to unlock the data. There is no guarantee that the security key will be provided once the ransom has been paid and it is conceivable that the criminals could continue to extort customers who give into their demands.

On a personal computer, files such as personal documents or family photographs could potentially be encrypted and lost. For business users the risk is even higher. Without access to critical files, all business could effectively grind to a halt. Even when a backup can be used to restore the ransomware-encrypted files, significant losses could be suffered. Performing a full restoration of data takes time and unless a backup was made just minutes before files were encrypted, some data will invariably be lost. Customers will also experience disruption to services while remediation takes place and systems are restored.

BELCO email scam uses legitimate company domain

The BELCO email scam uses a common technique to fool targets into installing malware on their devices. Criminals have been using email to deliver malware for many years, but they are now getting very good at creating highly convincing campaigns. It is becoming much harder to identify a spam email containing malware.

What makes this campaign particularly convincing is the emails appear to have been sent from the BELCO.bm domain. Even an individual who has adopted email security best practices, such as checking the sender’s address before opening an attachment, may be fooled into installing the malware contained in the email.

The email informs the recipient of an unpaid electricity bill and includes a warning that electricity will be cut off if the bill is not paid promptly. In order to find out how much money needs to be paid customers are required to open the attachment. Doing so will result in the malware being installed.

The email was sent from the address billerz @belco.bm. The domain is correct, although there is no official billerz address used by the electricity company. A warning sent to customers advises that any legitimate bill sent by the company will come from ebilladmin @belco.bm.

Simply receiving the email will not infect a computer but it is imperative that the attachment is not opened under any circumstances. Any customer receiving the email should delete it immediately from their inbox or spam folder. They should then ensure it is also deleted from their deleted email folder.

Identifying spam and scam emails

The BELCO email scam is convincing. It could easily pass for a genuine email if the recipient of the email is not particularly security conscious. There are tell-tale signs that it is a fake.

• The email address differs from the one usually used by the company to send electronic electricity bills
• There is a threat contained in the email – Immediate action is required to avoid unpleasant consequences
• Insufficient information is included in the email body, requiring the user to open an attachment
• The email address contains an odd spelling not typically used by a reputable company – billerz

Individuals, and especially companies, should consider implementing additional controls to prevent emails such as this from being delivered. Using a spam filtering solution will prevent the vast majority of spam and scam emails from being delivered. As more phishing and spam emails are being sent, and the perpetrators are becoming more skilled at creating convincing campaigns, this is one of the best defenses to prevent accidental malware infection. The cost of an Anti-Spam solution will be considerably less than the cost of a ransom to unlock vital data.

IBM Softlayer Discovered to Be Biggest Spam Hosting ISP

by G Hunt | October 23, 2015 | Spam News

Softlayer Rated Biggest Spam Hosting ISP by Spamhaus

According to a new report by the not-for-profit anti-spam organization, Spamhaus, the biggest spam hosting ISP is Softlayer, the IBM-owned cloud computing provider. A reported 42% of the ISP’s outbound emails have been discovered to be spam.

The report, issued on Wednesday, shows the ISP to be the current biggest offender, found to be supporting spammers and hosting numerous malware operations. The extent of the company’s emails found to be spam is astonishing, making it the undisputed champion of spam. Spamhaus has recorded over 685 separate spam issues on Softlayer, almost three times as many as the ISP in second place, Unicom-sc, which has had 232 reported spam issues.

Typically, the biggest web hosting companies and internet service providers do not feature so highly in the spam list, as they tend to employ numerous measures to prevent their servers being used by spammers and internet criminals. While Softlayer has not featured so highly in the past, recently it has been rising up the rankings, even though it does make efforts to fight spammers and implements controls to prevent them from using its servers.

In recent years the company has increased efforts to keep spammers at bay, and has taken firm, decisive action when reports of spamming have been received. But this has not proved to be sufficient.

It would appear that the ISP is now being targeted by Brazilian cybercriminals who are using its services to send out high volumes of spam emails and host numerous malware-infected websites. Softlayer is understood to have relaxed its criteria and vetting processes recently in an effort to attract more business; which does appear to have been successful, albeit for the wrong kind of business.

Spamhaus also pointed out that it has received requests to have Softlayer removed from its listing, but will only do so when it is clear that all of the issues have in fact been resolved. Spamhaus pointed out that cyber-criminals from Brazil were so active that “many listed ranges were being reassigned to the same spam gang immediately after re-entering the pool of available addresses.” The report went on to say, “these specific issues would not be removed until Softlayer was able to get control of the overall problem with these spammers.”

Softlayer has responded to the new number 1 ranking, saying affirmative action is being taken to tackle the issue. Communications Director, Andre Fuochi, recently told Krebsonsecurity, “We are aggressively working with authorities; groups like The Spamhaus Project, and IBM Security analysts to shut down this recent, isolated spike.”

Unfortunately, while action is being taken, it is not fast enough to stop the spammers. As soon as accounts and websites are shut down, more are created. Users are able to provision and de-provision sites and applications cheaply and quickly, which is why the ISP is struggling to stop spam emails from being sent and malware sites from being created.

Cloudmark recently confirmed Spamhaus’s rating, saying the Softlayer network was the largest single source of spam in the world during the third quarter of this year. The spammers and scammers will always find a home somewhere, but to find it at a company owned by IBM must come as a major embarrassment. IBM is, after all, a major player in the software security market.

Bank Phishing Scheme Nets Hackers Over $3.5 Million

by G Hunt | October 21, 2015 | Spam News

A bank phishing scheme operated by a Moldovan man has resulted in $3.55 million being transferred from the bank accounts of a Pennsylvania mining company – the Penneco Oil Company Inc. – according to federal prosecutors.

The perpetrator of the campaign, Andrey Ghinkul, 30, has been charged following his recent arrest in Cyprus. He is awaiting extradition to the United States, with a hearing scheduled for next week.

The phishing campaign was sent out to numerous companies, with a number of recipients reportedly opening the email, only to have their computers infected with Bugat malware. Bugat Malware is a little known form of malware, operating in a similar fashion to the well-known Trojan Zeus.

Bugat malware functions as a SOCKS proxy server, allowing hackers to directly download and execute programs on an infected host’s computer, or upload files to remote servers. In order to escape detection, the malware communicates encrypted data with its command, and by doing so fails to trigger many traffic inspection software warnings.

The malware has been used to log information entered during online banking sessions, with Firefox and Internet Explorer browsers so far exploited. With the information obtained, hackers are able to make fraudulent wire transfers and ACH transactions. So far, small to mid-sized businesses have been most commonly targeted.

While many organizations are now looking out for Zeus infections, this new form of malware can escape detection more easily. The attacks also show how cybercriminals are diversifying their attacks in order to gain access to financial account information and avoid detection.

The phishing campaign was used to send emails to a number of recipients in U.S companies, with the emails appearing to have been sent from medical providers, indicating the recipients had received a positive diagnosis for cancer.

Bugat Malware Bank Phishing Scheme Nest Hackers Over $10 Million

According to the FBI, Bugat malware has resulted in around $10 million in funds being transferred from U.S company accounts to hackers in Russia and Belarus.

The transfers from Penneco Oil’s accounts were made possible by the malware, which recorded bank passwords as they were entered on the infected computer. That information was then used to make the transfers. The first transfer of $2.2 million was made in August 2012, with the funds being received by a bank based in Krasnodar, Russia. A second transfer was made the following month, this time the recipient account was in Minsk, Belarus.

While the transfers did go through, action was swiftly taken by the bank – Indiana, PA-based First Commonwealth – and the funds were rapidly restored. Senior Vice President of Penneco, D. Marc. Jacobs, said the bank “worked to completely restore our funds almost immediately.” In this case, Penneco had all funds restored and the bank had to cover the cost.

Should Ghinkul be extradited, the case will be heard in Pittsburgh where another attempted victim was targeted. Sharon City School District nearly lost $999,000 to a Russian account. Fortunately, that transaction was successfully blocked.

iTunes Email Scam Tricks Users into Revealing Credit Card Numbers

by G Hunt | October 19, 2015 | Spam News

A new iTunes email scam has been uncovered which attempts to trick users into revealing their credit card numbers, according to a recent report issued by Malwarebytes.

The latest iTunes email scam targets users of iTunes and offers them a refund for a purchase that has been made using their iTunes account, indicating they have been affected by an email scam already. In order to receive the refund, the users must provide their Apple ID, password, and credit card details so the refund can be processed.

Emails have been sent to iTunes account holders telling them that their account has been fraudulently used to purchase an app valued at £34.99 ($53), with the emails containing a fake receipt for the purchase. The app is question is provided by CoPilot Premium HD, a supposed navigation service. The receipt contains a link that the recipient of the email must click in order for their refund to be issued, if the purchase is not genuine.

There is of course no such app, and the high price is perhaps a warning that something is amiss. Unfortunately for users looking to protect themselves from fraud, the very actions they take to protect themselves will actually ensure they do become victims.

Not the Only iTunes Email Scam Recently Uncovered

This is not the only email phishing scam to have been sent to Apple users in recent weeks. Another email spam campaign attempts to get users to click a link to update their credit/debit card, which users have been informed in the email is about to expire. Users have been requested to click a link and enter their new card details, including the CSC code on the reverse of their card, as well as the new expiry date.

As with many email scams of this nature, the email is sent with a threat of account suspension if they do not comply. In this case, users have little time to respond. The email link is said to expire in one hour’s time if it is not clicked, reducing the time for users to verify if the email is in fact genuine.

They are provided with a link to store.apple.com which is seemingly genuine; however, hovering over the link will reveal that the link directs them to a different location.

There are other common tell-tale signs that the email is a fake, even though the correspondence does contain seemingly genuine Apple imagery and appears to have been sent from Apple’s customer service department. One of the most telling signs is the volume of spelling mistakes contained in the email. Any email sent by Apple is likely to have at least been run through a spell check before being used as a template for millions of Apple device owners. A sure sign that the email is not genuine.

The email contains spelling and grammatical errors such as informing the recipient that the link will “expire one hours after the email was sent.” iPhone “ore” iPads is another, and feature is spelled “feauter.”

The advice to all Apple users is to take time to carefully read any email sent from Apple, and to attempt to verify any request to provide ID numbers or financial information.

U.S. Postal Service Not Dealing with the Phishing Threat

by G Hunt | October 16, 2015 | Spam News

It has now been over a year since the U.S Postal Service was affected by a phishing campaign that resulted in the exposure of the personal information of 800,000 current and former workers, yet the postal service is still not effectively dealing with the phishing threat. Employees have been tested, and they are not identifying phishing emails.

Postal Service Employees are at Risk of Falling for Phishing Emails

The network data breach of 2014 occurred as a result of employees falling for spear phishing campaigns, which allowed criminals to gain access to postal service networks containing sensitive data. The data thieves were able to gain access to the network and exfiltrate data without meeting much in the way of resistance. It would appear that if a similar campaign was conducted again now, even more data may be exposed.

The Office of the Inspector General (OIG) recently took the decision to put postal service workers to the test, to determine whether lessons have been learned since last year. In total, 3,125 fake phishing emails were sent to employees of the U.S Postal Service to determine whether they were actually able to identify a potential phishing campaign.

There was some good news. 75% of workers were able to resist the temptation to click on the phishing links in the emails. The bad news was 25% did click. Unfortunately, all it takes is for one person to respond to a phishing email for criminals to gain access to data. 780 responses to fake phishing emails shows risk is not being effectively managed.

However, perhaps worse still, was the lack of compliance with policies that had been put in place in the wake of last year’s successful attack. For instance, the postal service’s Computer Incident Response Team should be alerted if a suspicious email is received by workers, yet only 7% of employees did so during the test.

The reason is perhaps quite easy to explain. Only 4% of staff had completed the Postal Service cybersecurity training course, so presumably were unaware of the policy of reporting suspicious emails, if they were in fact able to identify them as suspicious.

OIG Report Shows Postal Service is Not Dealing with the Phishing Threat

The OIG report on the cybersecurity test stated that awareness training does have a positive impact, and can substantially reduce the risk of employees responding to a phishing campaign. Research shows training can reduce security-related risks by as much as 70%.

Policies must of course be turned into procedures, and the staff must receive training. The OIG said, “When management does not require all employees with network access to take annual information security awareness training, users are less likely to appropriately respond to threats.”

One of the main problems for organizations trying to tackle the threat of phishing is the fact that criminal organizations and hackers are developing ever more complex and convincing campaigns to fool users into opening malware-infected attachments and visiting links to malware-infected websites. However, if training is not provided to the staff, even uncomplicated phishing campaigns could well succeed.

At present, only new members of staff and CIO office members are required to undergo annual cybersecurity training: That is not the most effective way of dealing with the phishing threat. However, in response to the OIG report, the Postal Service will be implementing new training policies by April 2016.

FTC Issues Warning over Gaming Email Phishing Scam

by G Hunt | October 14, 2015 | Spam News

The Federal Trade Commission has issued a warning over a new gaming email phishing scam that targets video game players and takes advantage of their love of the games to get them to divulge their account information.

Gamers invest considerable time and money into buying add-ons and developing gaming characters; however, the fear of loss of their gaming account is seeing many fall for the latest scam.

Cyber Criminals Opt for Gaming Phishing Email Scam

Hardcore gamers are not difficult to find, having registered on forums and gaming websites, providing their email addresses and other information about their gaming habits. Once criminals obtain email addresses of gamers, they are sent fake emails from gaming companies suggesting they have been discovered to have sold gaming items or characters for real money, and by doing so have violated the rules of the game.

Consequently, the users are threatened with account suspensions, or in some cases, legal action. A number of emails have been received by gamers with threats that they will be sued for amounts up to $2,700 for repeated violations of gaming rules and regulations. The intention is not to get the users to part with that money, but to get them to reveal details of their bank accounts or credit cards used to make purchases.

Users are often fooled into responding out of fear of losing their accounts or being suspended or banned from their favorite games. The email campaigns can also be highly convincing, using templates that appear legitimate, often including company logos and names the users may be familiar with.

The scammers have been targeting users of some of the most popular online games, such as World of Warcraft and Diablo III, both produced by Blizzard Entertainment, although the scam is not restricted to players of these games. The volume of emails sent to gamers, and complaints received, has resulted in Blizzard emailing users to tip them off to what it called “rampant scams.”

The FTC has also got involved, issuing a warning of its own. According to the FTC warning, targets are advised that they should check the status of their accounts and challenge the suspension if they have done no wrong. They are supplied a link for this purpose and are required to fill in a ‘verification’ form.

They are then asked to enter information in order to confirm their accounts and identities, and must reveal account and financial information. The perpetrators of the scam then empty their accounts.

This is not the only technique used by online fraudsters to get users to reveal their credentials. Gamers are being sent spam emails asking them to login in order to receive free gifts and exclusive game add-ons, with users requested to click a link in the email to login in order to claim their prize.

It is not always essential that account details are entered in the online forms to which the users are directed to. The links contained in the emails can direct the users to malware-infected websites. Malicious software is automatically downloaded to the users’ computers, allowing the perpetrators to gain access to the device and trawl files looking for personal information such as bank account details, login names and passwords.

Gamers have been warned to always try to verify any such emails, and not to click on links, open attachments or use the contact details provided. All requests that are out of the ordinary should be independently verified with the company concerned, using the gaming website’s contact information.

Symantec Says Email Spam Levels at 12 Year Low

by G Hunt | October 12, 2015 | Spam News

There has been some good news reported recently that indicates email spam levels are now at the lowest point seen in the past 12 years. According to a report issued by Security company Symantec, spam emails fell to 49.7% of all emails sent in June this year. Spam email levels fell further still in July, dropping to 46.4% of total email volume. Symantec also reported that the volume of phishing campaigns also saw a fall in June.

A number of reasons have been cited for the fall in spam levels, including bringing a number of spammers to justice and closing down their criminal networks, in addition to shutting down a number of rampant botnet networks, many of which were located in the United Kingdom.

The botnets were identified by UK police forces which orchestrated a number of takedowns. UK and European internet service providers had been collaborating with the police and passed on information on suspected botnets, helping to reduce the effectiveness of the networks, ultimately leading to many being shut down.

While this is good news, this does not mean there has been a reduction in risk. Phishing schemes may have seen a small drop in June, but the number of malware variants now being discovered has increased dramatically. The variation in malware is causing a problem, as the malicious software is becoming harder to identify. The extent of the increase in variants is considerable. In just two months the number of malware types had almost doubled from 29.2 million in April to 57.6 million pieces of malware caught by Symantec in July. This is the second highest figure reported in the past 12 months, with only November 2014 seeing more malware attacks caught (63.6 million).

The attack landscape is constantly changing, with cybercriminals now diversifying their attack vectors. Ransomware for instance, is becoming more popular. Just under half a million attacks (477,000) were thwarted by Symantec in June, with the volume of ransomware having risen for two months in a row.

While cyber criminals based in the UK and United States may be diversifying attack vectors, hackers in other countries still favor email spam, with eastern Europe and China still seeing huge volumes of spam emails being sent. It is certainly not a time to let one’s guard down or become complacent about email spam.

Businesses Still Receiving High Volumes of Spam Emails

Overall, levels of spam may have fallen, but small to mid-sized companies are still seeing high levels of spam emails received, with the percentage of spam emails remaining above 50%. Spam email traffic to small to medium companies (those with one to 250 employees) stood at 52% in June.

Malicious emails are also still being used extensively to target organizations of all sizes. In June, malicious emails were being most commonly used against companies employing 1501-2500 individuals, with one in 164 emails recorded as being malicious in nature.

In July the figures had improved, with organizations employing 251-500 individuals the most common recipients of malicious emails, registering one email in 260 as being malicious in nature, closely followed by small organizations employing under 250 individuals, with one in 275 emails rated as malicious.

Spam emails were still being sent at high levels to particular industries, with mining and manufacturing industries receiving high levels of spam in June. Over 56% of emails received in the mining sector were spam, with the manufacturing, construction, retail and non-traditional service industries all registering spam email volumes of 53% or more in June.

The figures for July actually showed an increase in spam for some industry sectors. Mining had increased to 55.7%, with only very slight falls in spam levels in other industry sectors. Manufacturing, retail and construction all registered spam percentages above 53%.

Each of the other 6 industry sectors (Professional services, agriculture/forestry/fishing, wholesale, non-classifiable establishments, finance/insurance/real estate, and non-traditional services) all registered spam email percentages of between 51.9% and 52.5%, indicating email spam remains a major problem for most U.S. businesses.

Ponemon Institute Calculates the Cost of Phishing Attacks

by G Hunt | October 9, 2015 | Spam News

The Ponemon Institute has released a new report detailing the cost of phishing attacks on U.S businesses, suggesting the average annual cost for U.S companies has now risen to $4 million. Ponemon calculated phishing attacks take an average of 23.7 days to resolve, and are having a huge impact on U.S organizations, with smaller companies often suffering the most.

Cost of Phishing Attacks & Cyber Crime Assessed

The report indicates that the biggest costs suffered as a result of cyber crime come from phishing campaigns and social engineering, which accounted for 16% of total cyber crime costs. Phishing and social engineering were found to have affected 59% of organizations, while botnets affected 66% and web-attacks were suffered by 76% of organizations.

The Ponemon study, conducted in conjunction with HP Enterprise, involved a representative sample of 58 private and public sector U.S organizations being surveyed on cyber crime and the costs of dealing with criminal attacks. The results of the study show that in the U.S, the mean annualized cost of cyber crime has risen to $12.7 million per year, with the highest total average cost of dealing with cyber crime being $15.42 million – more than double that of Germany in second place.

The study showed that organizations are having to pay between $1.6 million and $61 million per year to resolve cyber attacks. The cost of the dealing with those attacks was found to be higher for larger organizations, although the per capita costs were highest for smaller organizations.

The new 2014 Cyber Crime Report shows the cost of dealing with attacks has risen 19% in just 12 months, with the global average cost of cyber crime estimated to have exceeded $7.7 million. Some companies are having to cover costs of up to $65 million to resolve criminal attacks, which were shown to have increased in both frequency and severity during the past 12 months. Email attacks remain one of the biggest causes for concern, being one of the main methods used by criminals seeking access to computer networks.

Phishing Emails Are Proving to be Highly Effective

Earlier this year, communications company Verizon produced a report indicating phishing campaigns can be highly effective methods of attack, and suggested that all too often staff training efforts are not particularly effective.  Many organizations are now providing staff with information on how to identify phishing emails, yet this information does not appear to be retained. The study found that 23% of individual who received a phishing email opened it, and an alarming 11% of recipients clicked on the link contained in the email or opened the attachment.

The provision of training manuals on phishing to employees can be effective, but retention of information tends to be poor. The Ponemon study did suggest that one of the best methods of training staff how to identify phishing emails is to provide examples, indicating the sending of simulated phishing emails was particularly effective at reinforcing training, providing up to a 37% return on investment.

With phishing emails representing such a substantial proportion of cyber security costs, and training proving not always particularly effective at substantially reducing the risk of attacks being successful, greater efforts should be put into intercepting phishing emails and preventing them from being delivered to recipients’ inboxes. For that, a robust and effective email spam filter is required.

Level of Email Spam and Botnet Infection Quantified

by G Hunt | October 8, 2015 | Spam News

Although many reports suggest that email spam is reducing, email spam and botnet infection is still a major issue for most U.S organizations and individuals – with criminal practices netting cybercriminal gangs billions of dollars every year.

Determining the infection levels and the volume of spam being sent was one of the missions of the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG). M3AAWG, is a global organization tasked with promoting cybersecurity best practices and fighting organized internet crime. M3AAWG was formed a decade ago by a number of leading internet service providers, with the goal of improving collaboration and sharing knowledge to make it harder for criminals to spam account users. By reducing the impact of email spam on individuals and organizations, ISPs would be able to better protect users, IPS’s email platforms and their reputations.

Quantifying Email Spam and Botnet Infection a Complex Task

It was discovered that quantifying email spam and botnet infection levels was a complex task; one that was only possible with collaboration between internet service providers. As a result of this collaboration, the organization has produced reports on the global state of email spam and botnet infection. Its latest analysis suggests that approximately 1% of computer users are part of a botnet network.

The data gathered by M3AAWG involved assessing 43 million email subscribers in the United States and Europe.,The data analysis showed that IPS’s typically block between 94% and 99% of spam emails. The company’s report suggests that on the whole, IPS’s do a good job of blocking email spam.

The figures look impressive but, considering the huge scale of email spam, billions of spam emails are still getting through to users, with financial organizations and other companies now being regularly targeted with spam and malware.

Email spammers are well funded, and criminal organizations are using email spam as a means of obtaining tens of billions of dollars each year from internet fraud. Spam emails are sent to phish for sensitive information, such as bank account information, credit card details and other highly sensitive data including Social Security numbers. Accounts can be emptied, credit cards maxed out and data used to commit identity theft; racking up tens of thousands of dollars of debts in the victims’ names.

In years gone by, email spammers concentrated on sending emails randomly to accounts with offers of cheap Rolexes, Viagra, potential wives and the opportunity to claim an inheritance from a long lost relative. Today, spammers have realized there are far greater rewards to be had, and emails are now sent containing links to malware-infected websites which can be used to compromise users’ PCs, laptops and Smartphones, gaining access to highly sensitive data or locking devices and demanding ransoms.

Some emails may still be sent manually, but the majority are sent using botnets. Networks of infected machines that can be used to send huge volumes of spam emails, spread malware or organize increasingly complex attacks on individuals and organizations. The botnets are available for hire, with criminals able to rent botnet time and use them for any number of reasons.

Many of the attacks are now coming from countries where there is little regulation and a very low risk of the perpetrators being caught. Countries in Africa, as well as Indonesia and the Ukraine house huge volumes of cybercriminals. They have even set up call centers to deal with the huge volume of enquiries from criminals seeking botnet time to orchestrate phishing and spamming campaigns. Tackling the problem at the source is difficult, with corruption rife in the countries where the perpetrators reside.

However, it is possible to reduce spam level, and the risk of employees falling for a scam or downloading malware by installing a robust email antispam filter, reducing the potential for spam emails and phishing campaigns getting through to individual accounts.  According to Verizon, 23% of users open phishing emails and 11% open attachments and click on links. Stopping the emails from reaching users is therefore one of the best methods of defense against attacks.

LinkedIn Email Spam Lawsuit Results in $13m Payout

by G Hunt | October 6, 2015 | Spam News

Lawyers representing plaintiffs affected by spammy marketing practices by business networking website LinkedIn have reached a $13 settlement in a California court, with the LinkedIn email spam lawsuit likely to result in users of the website receiving a payout of around $10 per person.

Lawyers argued that the marketing practices used to attract new users breached California’s common law right of publicity and constituted unfair competition, with millions of users having had their privacy violated. The class-action lawsuit was filed in September 2013 and lasted two years before LinkedIn agreed to settle the case without admission of liability. LinkedIn claimed no wrongdoing and that its business practices broke no laws.

Alleged Spammy Marketing Practices used by LinkedIn to Attract New Users

Users of LinkedIn are permitted to import contacts from email accounts such as Gmail. Users electing to “Add Connections”, will generate an email that is sent to their contacts list inviting those individuals to connect and sign up for an account with the website.

Site users were asked before emails were sent to their imported email contacts, but they were not advised about a further two emails that were triggered if their contacts did not respond to the original email request within a fixed period of time. The follow-up emails were reminders that the invitation was still waiting for approval.

The lawyers claimed that LinkedIn had been “breaking into its users’ third-party email accounts, downloading email addresses that appear in the account, and then sending out multiple reminder emails.” The case centered on the fact that users were not advised that this would be the case. It was claimed that the website was using the names and likeness of users to drum up more business without consent, thus breaching the privacy rights of site members.

Last year, LinkedIn petitioned U.S. District Judge Lucy Koh requesting the case be dismissed, as users had in fact given their consent for contacts to be sent emails; however, Koh ruled that while consent had been provided for one email to be sent, users had not given LinkedIn consent to send any further emails if individuals did not respond to the initial request to join the website.

Other claims made against LinkedIn were rejected, such as the breach of federal wiretap law and claims of hacking users accounts. As a result, the case was required to be resubmitted.

LinkedIn Users Invited to Submit Claims for Compensation

The LinkedIn email spam lawsuit has now been settled, although users of the site are unlikely to receive much in the way of compensation. Any user who used the Add Connections feature of the website between September 17, 2011 and October 31, 2014 have now been invited to submit claims, and have until December 14, 2015 in order to do so.

Due to the volume of individuals affected, it is probable that the payout for each affected user will be around $10. LinkedIn has agreed to add further funds – $750,000 – if the volume of claims it receives results in individuals qualifying for a payout of less than $10 a head. Linked in will also be required to cover legal fees in addition to paying the $13 million settlement.

From the end of the year, all users of the “Add Connections” feature will be informed that by doing so, they are giving their consent for their imported email contacts will be sent one email, and up to two follow-up emails if no response is received from the initial request. There will also be a new option added which will allow invitations and reminder emails to be stopped.

Threat from Phishing is the Major Concern of Health IT Professionals

by G Hunt | October 1, 2015 | Spam News

The threat from phishing emails is causing Health IT professionals major headaches, and is one of the main data security concerns according to a recent HIMSS cybersecurity survey. The recent HIMSS survey was conducted on 300 healthcare IT security professionals and suggests that the increase in phishing emails is one of the main reasons why the healthcare industry is having to invest so heavily in data security. 69% of survey respondents believed that to be the case.

Phishing campaigns are now being devised that are difficult to identity, with cybercriminals investing considerable time and effort into creating highly convincing emails in an attempt to get healthcare employees to divulge their login credentials.

Threat from Phishing Keeps CISOs Awake at Night

Criminals may still be sending random email spam in an attempt to obtain credit card details and banking information, but healthcare providers are now being increasingly targeted for the high volume of Social Security numbers and other personal patient information held; data that can be easily used to commit identity theft and obtain far more than is possible with credit card numbers. According to HIMSS Senior Director of Research Jennifer Horowitz, phishing is now “the number one thing that keeps CISOs up at night.”

The survey showed that data security has become one of the main business priorities for healthcare organizations, with 87% of respondents claiming data security has increased in priority over the course of the last year. Out of the respondents that said data security is a main priority now, two-thirds believe phishing to be the main cause for concern, and the same volume of respondents claimed their organizations had already suffered a phishing or other online scamming attack.

Phishing is a technique used by cybercriminals to obtain personal information, and is used as part of a wider attack on a corporate network. If users can be convinced to visit a link to a website or open an attachment, malware is downloaded to their device. A third of survey respondents indicated they have already become the victim of such an attack this year.

One problem faced by the healthcare industry in particular is the tactics used by criminals frequently change. Phishing was a technique most commonly associated with mass spam emails sent by individuals in the hope that some email users would fall for the scams. It would appear that now individuals, or specific groups of individuals, are being targeted. Many criminals now opt for quality over quantity, and are devising campaigns to target individuals with access to the data they seek. These “spear phishing” campaigns can prove to be highly effective.

Tackling the Threat from Phishing Emails

Efforts are being made by healthcare organizations to reduce the risk of individuals falling for campaigns. Spam filtering can be effective at limiting the volume of emails that make it through to the inboxes of healthcare workers, and training is now being provided to staff to help individuals recognize the signs of a phishing email. However, it would appear that while training is sometimes provided, this is not subsequently tested in many cases. Phishing email exercises designed to test users’ ability to identify phishing campaigns are still not being used by the majority of healthcare organizations. Only a quarter claimed they are using exercises to test staff readiness to deal with the threat, and that is a recipe for disaster.

Subscribers Targeted by Netflix Phishing Scam

by G Hunt | September 9, 2015 | Spam News

A new Netflix phishing scam has been uncovered which works by telling users their Netflix accounts have been closed, requiring action to regain access to the service. Doing so will give your confidential login details to the scam operators.

Netflix has 62.27 million users, making it a highly attractive target for email scammers and spammers, and consequently Netflix phishing scams are common.

Latest Netflix Phishing Scam Convinces users to Reveal their Account Details

Recipients of the fake Netflix emails are required to click a link in order to reactivate their accounts. Unknown to the victims of this Netflix phishing scam, clicking on the link will direct them to a fake Netflix page, and by reactivating their accounts they will be giving the scammers their account names, passwords, and potentially other sensitive information.

Unfortunately for Netflix users, revealing passwords for one account may also mean other online accounts are compromised. Many users share their passwords across different websites, often using the same or similar passwords for Netflix, Facebook, and a host of other sites, including online banking portals.

TitanHQ recommends Netflix users ignore the email and delete it, and certainly do not to click on the link in the email. Phishing scams such as this usually direct users to a website that has been infected with malware, and clicking the link will result in that malware being downloaded, even if no information is entered on the page.

The best course of action is to login to your Netflix account as you would normally do, by typing in the URL or using your bookmark, and check your account status directly with Netflix. In all likelihood, it will still be active.

Further Information on the New Netflix Phishing Scam

Below is a screenshot of the latest Netflix phishing scam. The email appears genuine enough, although close inspection will reveal a few grammatical errors, such as missing apostrophes and misplaced exclamation marks. However, the email could be enough to fool the unwary, and especially individuals who tend to skim read emails and click first and think later.

This phishing campaign is similar to others that have been recently sent to users of other online services. Phishing emails are devised to give the recipient a legitimate reason for handing over sensitive information, usually via webpage.

These include, but are not limited to:

• Upgrading security settings
• Performing essential system maintenance
• Verifying account details to prevent fraud
• Claiming a refund for a bill that has been paid
• Giving money back for an incorrect charge
• Offering you a free gift or service

Email scams often deliver malicious programs – malware – that has been created to steal confidential data such as account login names and passwords. Phishing campaigns are launched on social media, although email is the most common way that these scams are delivered.

Generally speaking, phishing campaigns can be categorized in three types:

Off-the-Shelf Jacking Toolkits

Criminals can purchase malware online which can be used to scam users into revealing passwords, which can subsequently be used to empty bank accounts, rack up debts, or hold people to ransom (the latter is becoming increasingly common and is referred to as ransomware). Once access is gained to an account or computer, Ransomware is used to encrypt data. The users are then required to pay a ransom to the perpetrator of the scheme in order to get their data unlocked.

These campaigns are usually opportunistic in nature, and involve millions of spam emails being sent. It is a numbers game, and some users will click on the phishing links and compromise their computers and networks.

Zero-day Vulnerability Exploits

The net is also cast similarly widely with these email phishing campaigns; however, the malware delivered is more complex, and the hackers behind these schemes are considerably more skilled. Zero-day vulnerabilities are new security flaws that have been discovered in software that have yet to be discovered by the software vendor. Consequently, patches do not exist to deal with the threat. Malware is created to exploit these vulnerabilities, which is usually delivered via an infected email attachment, although it can be downloaded when users visit a phishing website.

Spear Phishing Campaigns

These are targeted attacks that are conducted on individuals, or in some cases, organizations. The perpetrators of these schemes are skilled, and invest considerable time and effort into creating convincing campaigns. Oftentimes extensive information is gathered on the targets prior to the phishing emails being sent.

These schemes similarly use zero day vulnerabilities, and these advanced persistent threats (APT) have been used in a number of high profile attacks, such as the recent Carbanak malware attacks which have made the headlines recently.

How to Avoid Becoming a Phishing Victim

The best defense against attack is to be vigilant. Security awareness training for employees is essential. Staff members must be alerted to the risk, the consequences of clicking on a phishing link, and told how to identify scams. They should be instructed to check links before clicking (by hovering the mouse arrow over the link to check the real address).

It is also essential to keep all software patched and up to date. This applies to operating systems, applications, web browsers and other software. Software should be configured to update automatically wherever possible. Organizations should also develop concise patch management policies. Continuous security audits should be conducted and multi-layered network security controls developed.

There are a number of ways that spam and phishing emails can be prevented from being delivered to users, such as using a spam filter. Web filtering is particularly useful in prevent users from visiting known malware and phishing sites.

The XXX Domain Controversy: Was it all a Waste of Time?

by G Hunt | August 26, 2015 | Spam News

In 1998, ICANN issued the first domain names and IP addresses. There were not many top level domains (TLDs) to choose from. Each country had its own domain suffix, but the choice was limited to .com, .org, .net, .edu, .mil and .gov. Over the years, a few more options have been introduced such as .me, .mobi, .tv and .biz, but the suffix that has caused the most controversy is .xxx – a TLD intended for websites containing images of a sexual nature.

The .xxx TLD was seen as a method of introducing a red light district to the Internet, cleaning it up aside from a dirty corner that could be policed and easily blocked. Some purveyors of pornography allegedly welcomed the move, while others were opposed to it.

There were protests, but the new TLD was released in December 2011, and ICM Registry – a Fort Lauderdale for-profit business – was assigned responsibility for allocating the TLDs. Incidentally, the contract for this was quite lucrative. ICM Registry expected to make in the region of $200 million per year out of the deal.

Sometimes a good idea on paper doesn’t always work out so well in practice. For instance, some companies had spent a long time building up a brand name. They operated their domain on the .com domain, had bought up the .net, .mobi, .org versions and all other TLDs to protect their brand. They did not like the idea of having to do that again with the XXX version, and neither would they be willing to move their main site over to the .xxx TLD.

Few were in favor of the new XXX TLD

Pornographers were not the only objectors to the introduction of the .xxx TLD. The Bush Administration was opposed to the release. In fact ICANN was asked to withdraw support for the proposal. Criticism of the proposal mounted and ICANN came under a considerable amount of pressure. The American Department of Commerce, that has power over ICANN, received over 6,000 complaints about the introduction of the .xxx TLD. Even politicians who had originally backed the idea in the year 2000 changed their mind a decade later. Naturally, conservative groups also applied pressure to block the proposal. It was not enough. The TLD was released – with a delay of a month – and a swathe of new porn websites were subsequently launched.

Unsurprisingly, there has not been a reduction in the number of .com porn websites on the Internet. The new domain has seen even more created. Go figure!

ICANN was subsequently sued on the grounds that it had created a monopoly and that the introduction of the TLD forced businesses to spend even more money registering domain names to protect their brands from being piggybacked. After a couple of years, the lawsuit was dropped.

Controls put in place to protect trademarks

ICM regulators created the new TLD in order to clean up the Internet apparently. The .xxx TLD was seen as a way to make it easier for people wanting to view pornography to find it (it wasn’t exactly difficult, it must be said – type “porn” into a search engine for example) and as a way of promoting a responsible attitude toward it. It would, in theory at least, eventually lead to a dedicated area where pornographic websites could be housed.

However, trademark and patent protection advocate Inventa pointed out that opposition to the new .xxx TLD was virtually universal. No one wanted it apart from ICANN (and ICM Registry).

As for the fears that domain-sitters and entrepreneurs would take advantage, there were controls to prevent this. Eligibility criteria needed to be met. A company owning the trademarked .com version of a website could purchase the corresponding .xxx TLD to use as an adult domain or to prevent others from using it. Amazon.xxx, for example, could only be bought by Amazon.com. The ICM Registry reserved it for them. If there was no trademark, the domain name could be bought by anyone.

Was it worth all the effort?

ICM Registry would be inclined to agree, but as for making the Internet a safer place for children, cleaning up some porn, and having a dedicated online red light district, that clearly hasn’t worked. The biggest names in Internet porn still use their dotcom websites and have not made the switch to XXX domains. People interested in viewing pornography do not need an .xxx TLD to be able to find it, and don’t care what the name of the website is let alone the TLD, provided it gives them what they are looking for.

It is no easier to block pornographic websites than it was before the release. Simply blocking access to XXX suffixed websites will make no discernable difference to the amount of porn that is viewable online.

Until laws are passed to force porn websites to use the XXX domain – which would be incredibly difficult to implement – the move has not been particularly effective.

The only way to block effectively access block pornography from being displayed is to use a web filter such as SpamTitan Technologies. By using real-time classification, URL filtering, blocklists, keyword filters and other tools, SpamTitan Technologies web filtering solutions prevent the websites from being viewable. Something very important for schools, universities, colleges, charities, and corporations.

Any organization believing written policies on allowable uses of the Internet are sufficient to stop inappropriate use, should bear in mind that surveys have revealed that 20% of men and 13% of women have admitted to downloading pornographic content while at work. A recent pool of 500 Human Resources professionals indicated two thirds had discovered pornographic content on work computers, and the majority of porn is viewed during office hours (between 9am and 5pm).

If you want to stop employees accessing pornography in the workplace, the only effective way of doing so is with a robust web filtering solution.

Anonymous Accusations of Fake Malware Denied by Kaspersky Labs

by G Hunt | August 18, 2015 | Spam News

Former employees of Kaspersky Labs have tipped off the media to an alleged practice of faking malware. It is claimed the company used fake malware to get rival anti-virus companies to flag the programs as malicious, potentially tarnishing their reputations with numerous fake positives.

For obvious reasons, the tip-offs have come from anonymous individuals who claim to have worked for Kaspersky Labs, yet their identities naturally cannot be verified. They could in fact be employees of rival anti-virus companies. It is therefore difficult to determine whether there is any truth in the allegations. Kaspersky Labs denied the allegations, in fact Eugene Kaspersky has been quite vocal on social media and has spoken out on Twitter, vehemently denying the accusations.

In an effort to find out more, we contacted Kaspersky Labs to find out further details. We received a reply as follows:

Kaspersky Denies Fake Malware Claims

“Contrary to allegations made in a Reuters news story, Kaspersky Lab has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing. Such actions are unethical, dishonest and illegal.” Kaspersky went on to say, “Accusations by anonymous, disgruntled ex-employees that Kaspersky Lab, or its CEO, was involved in these incidents are meritless and simply false. As a member of the security community, we share our threat intelligence data and IOCs on advanced threat actors with other vendors, and we also receive and analyze threat data provided by others. Although the security market is very competitive, trusted threat data exchange is a critical part of the overall security of the entire IT ecosystem, and we fight hard to help ensure that this exchange is not compromised or corrupted.”

Interestingly though, there does appear to be a grain of truth in the accusations, with the anti-virus software giant confirming that harmless malware was in fact created and uploaded. However, this was part of a test of its own software systems, not an attempt to discredit rivals. The statement issued explained the experiment:

“In 2010, we conducted a one-time experiment uploading only 20 samples of non-malicious files to the VirusTotal multi-scanner, which would not cause false positives as these files were absolutely clean, useless and harmless. After the experiment, we made it public and provided all the samples used to the media so they could test it for themselves. We conducted the experiment to draw the security community’s attention to the problem of insufficiency of multi-scanner based detection when files are blocked only because other vendors detected them as being malicious, without actual examination of the file activity (behavior).” The story was reported at the time in the media.

Kaspersky also explained that “After that experiment, we had a discussion with the antivirus industry regarding this issue and understood we were in agreement on all major points.” Further information on cascading false positives can be found here.

“In 2012, Kaspersky Labs was among the affected companies impacted by an unknown source uploading bad files to VirusTotal, which led to a number of incidents with false-positive detections. To resolve this issue, in October 2013, during the VB Conference in Berlin, there was a private meeting between leading antivirus vendors to exchange the information about the incidents, work out the motives behind this attack and develop an action plan. It is still unclear who was behind this campaign.”

False positives are common in the internet security industry. What is not known, and probably never will be, is who creates the bad samples that lead to false positives. As Ronan Kavanagh, CEO at TitanHQ, points out,“Kaspersky is an excellent product, we have never had an issue with it, quite the opposite in fact. Of course we have seen false positives, we were targeted by bad samples as were many other security vendors but we would have no visibility on who carried out these attacks.  The critical thing is that as an industry we work together in fighting back”.

Have you discovered false positives when you have run your software security programs?

Virtually All Companies Have Been Impacted by Malware

by G Hunt | July 29, 2015 | Spam News

The threat to corporate data security is higher than ever, with hackers and other cyber criminals devising ever more complex ways of gaining access to company secrets, employee data, and protected health information. IT security teams now need to monitor and track new threats like never before. Phishing emails must be blocked, employees must be prevented from visiting malicious websites, audits must be conducted to check for malware and viruses, and systems protected against keyloggers and Trojans.

The volume of new malware now being discovered is enough to keep IT security professionals awake at night, with many fearing the security of their systems. IT budgets are strained enough as it is, and the rapidly changing threat landscape is placing those budgets under even greater strain.

What Information are Cyber Criminals Trying to Obtain?

Individual hackers may attempt to break through security defenses for any number of reasons, in fact their aims are not always financially motivated. A grudge may be held against an ex-employer. Business practices may be deemed to be questionable. A company’s carbon footprint may even make it a worthy target for attack. Often the aim is to sabotage, with unscrupulous business competitors willing to employ hackers to enable them to gain a competitive advantage.

However, in the majority of cases, cyber criminals attack companies for the data they hold, which can be sold on to the highest bidder on Darknet websites or used to obtain goods, services, or cold hard cash. Data carries a high value on the black market as it can be used for a myriad of different types of fraud.

Healthcare data can be used to fraudulently obtain medical services. Insurance data used to make bogus insurance claims. Social Security numbers can be used for identity theft or to file false tax returns, and credit card details used to rack up thousands of debts in victims’ names. Corporate secrets such as product development information can be obtained and sold to competitors. The theft of that information can be used by competitors to devastating effect.

Some cyber criminals are not interested in stealing data, just in preventing companies from accessing it. If ransomware can be installed, criminals are able to encrypt an entire system and hold the company to ransom. They will only release the security keys to unencrypt data if a ransom is paid.

How Are Criminals Obtaining the Data?

Spam emails and phishing campaigns (via email, social media networks and over the telephone) are common, although one of the biggest threats to data security comes from malware. If malware can be installed on computers or servers, it can record and exfiltrate data to the hacker’s control centers. All communications can be intercepted and all keystrokes recorded. This enables hackers to obtain login names and passwords: Those used to access internal systems or online bank accounts. It is not just corporate data that is at risk. Any information stored on clients and customers can also potentially be obtained by the attackers.

Common Hacking Techniques Used to Gain Access to Data

Some of the techniques used by hackers to gain access to data include:

Cross Site Request Forgery (CSRF)

Even apparently safe websites can allow hackers to install malware or access sensitive data. This type of attack involves legitimate websites sending requests to other sites. Twitter has suffered cyber attacks involving this method, resulting in logins and passwords of site users being obtained.

Web 2.0 Application Exploits

These attacks are difficult to prevent as they are often not identified by standard anti-virus defense mechanisms. They can exploit vulnerabilities in Adobe Flash, XML, JavaScript, JSON and Xpath to deliver malware and malicious code.

Cross-Component Attacks

Take two innocent looking sections of malware code that have been installed on a website. Individually they do no harm, and can easily evade detection. However, when two appear on the same webpage they interact and infect visitors’ devices with malware.

SQL Injection

One of the most popular techniques for hacking involves the insertion of meta-characters or SQL commands into input fields on a website. The commands are able to execute back-end SQL code.

Cross-Site Scripting

Hackers can embed code in URLs which can be used to execute Javascript code on visitors’ devices when the links are clicked.

All Companies are at Risk, and the Majority Have Already Been Impacted by Malware

If you think only small to medium sized organizations are at risk from malware (due to IT security budgetary constraints) think again. Even the world’s largest corporations are at risk from malware. Earlier this year, Apple was targeted by hackers and suffered a serious malware attack. Full details of the extent of the attack were not disclosed, but a number of Apple Mac computers were compromised by the attackers.

How could the hackers install malware on the computers of such a security conscious company with exceptionally deep pockets? Via a perfectly legitimate website! Users had visited a software development website, with the hackers gaining access via an unpatched Java bug.

The biggest social media sites are not immune to attack either. Twitter suffered a malware attack that exposed the confidential accounts of approximately 250,000 users. This is believed to have happened as a result of the same unpatched Java vulnerability.

No Company is Immune to Cyber Attacks

Around this time last year, a medical equipment manufacturer called Neurocare was targeted by cyber criminals. In that attack, all employees of the organization were affected. In that case, it was not the company’s systems that were attacked directly. The malware came via the company’s payroll processor.

These are all very large companies. But last year hackers used malware to pull of an even bigger and bolder campaign, launching an attack on the International Monetary Fund (IMF). As you could well imagine, the IMF has rather robust security controls in place, yet even they proved no match for the hackers. The attackers just went for the weakest link: IMF employees.

That attack involved spear phishing. Individuals working for the IMF were targeted with a highly convincing campaign which allowed malware to be installed on their computers. That attack was highly sophisticated in nature, and is believed to have been orchestrated by a team of hackers who had received backing from foreign governments. Highly confidential data was exfiltrated in the attack.

Phishing Campaigns Have Proved to be Highly Effective

This year, Kaspersky Labs reported a sizable increase in phishing attacks involving Apple IDs. Two years ago, the average number of attacks per day was just 1,000. Only 12 months later that figure had jumped to 200,000 per day.

Even security firms are not immune to phishing scams. RSA, a prominent American computer and network security company, suffered a phishing attack that was caught by the company’s spam filter. The emails were quarantined, yet were opened from within, unleashing a Trojan that harvested data from employee accounts. RSA’s SecurID tagsix was compromised in that attack.

RSA should not be singled out of course. Even bigger companies have suffered at the hands of phishers. An estimated 20% of Fortune 500 companies have become victims of these campaigns. Even the world’s largest corporations have been hit in recent months. IBM has been affected, and bigger companies still. Microsoft and Google are also victims of phishers.

Beware of Blended Threats Delivered Through Spam Email

The web may now carry the highest risk of malware distribution, but email is still commonly used to deliver malicious software. It remains one of the commonest attack vectors used by phishers. Email spam can be used to attack any device capable of receiving and opening email. This means tablets and Smartphones are vulnerable to attack, not just laptop computers and desktops.

One of the biggest threats comes from blended attacks. These are spam emails that contain links to malicious websites, or even legitimate websites that have been infected with malware. These threats are more difficult to deal with. They require a different form of defense that uses a combination of standard email anti-spam controls along with web security defenses.

Spam may not be the favored choice of hackers these days, but it still represents a serious threat to businesses. Dealing with the emails can waste an extraordinary amount of time and money. Spam can take up huge amounts of bandwidth that affects all employees in a company. Dealing with spam adds significant amounts to operational budgets.

The messages by themselves may not be dangerous, but links to malicious websites can represent a serious problem, especially if staff members have not been warned how to identify malicious links. Infected attachments also place computer systems at risk. Both methods can be used to deliver malware, which has potential to cause a serious amount of damage.

A number of defenses can be used to reduce the risk of malware attacks. Anti-virus software is a must, as is a separate anti-malware shield and scanner. Anti-spam controls are vital, as they can prevent the delivery of phishing emails to employees. Web filtering solutions are also highly beneficial. If a spam email gets through to an endpoint user, the software can prevent a malicious website from being visited.

Unfortunately, there is no single control that can be used to prevent all attacks. The solution is to use multi-layered security defenses and to keep them updated.

Scammers Use Fake LinkedIn Contacts to Develop Spear Phishing Campaigns

by G Hunt | July 15, 2015 | Spam News

LinkedIn is a social networking website aimed at professionals, which helps them develop contacts, network, get new business, and find new employment opportunities. One of the main purposes of the site is to build up new contacts, making the site perfect for criminals looking to phish for information. The information that can be gathered can be used against individuals – or organizations – to conduct highly convincing spear phishing campaigns.

What is a Spear Phishing?

You may be aware of phishing, a technique used by criminals to get computer users to reveal their login names, passwords, credit card details and other highly sensitive information. Phishing is like using a trawl net behind a boat. The aim is to catch as much as possible. Sooner or later something will swim into the net. With phishing, spam emails are sent out in the millions in the hope that someone will respond. It is a numbers game, and the unwary will be caught.

Spear phishing on the other hand is not random. Individual victims are targeted. Spear phishing campaigns are often very convincing, and emails are sent containing information that is likely to fool a specific individual – or small group of individuals- into revealing passwords, login credentials, security codes or other information. These campaigns are also highly effective at getting users to click links to malicious websites, or open malware-infected email attachments.

How does Spear Phishing Work?

In order to convince users to install malware or reveal their sensitive information, those individuals must be convinced to take a specific action. To increase the chances of that happening, the criminals behind the campaigns need some nuggets of information. These could be gained from social media websites. People reveal a wealth of information about themselves on Twitter and Facebook, and some leave their accounts open for anyone to see.

LinkedIn is similarly being used by hackers to gain information about users, with the data harvested being utilized in future phishing and spamming campaigns. Data is collected on users, and used to devise phishing emails containing malicious software or links to malware-infected websites, or fake websites which convince users to enter in their sensitive details.  

LinkedIn Used by Scammers to Gather Sensitive Data

One of the latest scams identified involves the creation of fake LinkedIn contacts. Accounts are created by scammers, and then used to make connections with people in similar industries. Unfortunately, connecting with these individuals will allow them to obtain a wealth of information on you, such as your employment and education history, phone numbers and whatever information you add to your profile. In many cases, you will be supplying your entire CV to a hacker by accepting them as a contact. Fake LinkedIn contacts are now a major problem as they pose a big security risk.

This means that every contact must be vetted and assessed before you agree to a connection, and who has the time to do that?

How to Spot Fake LinkedIn Contacts

Fortunately, there are some common tells, and a little research (even a couple of minutes) can reveal fake LinkedIn contacts.

No photograph has been added

LinkedIn is all about making professional contacts. Photographs are therefore essential. People like to see who they are connecting with. If no photograph has been added, treat the account with extreme suspicion. Would the CEO of a mining company really be that concerned about someone finding out what he or she looks like?

Stock Photographs Used

Stock photographs can be purchased from image libraries for cents. Complete a quick Google image check against the user’s name and photo. If they are interested in business networking, their photo is likely to appear on other websites. If it appears under a different name, you will know the account is a fake.

Stolen Photographs Used

A photo search can reveal quite a lot of information about the genuineness of a contact. If your prospective contact is a librarian, it is perhaps unlikely they will also be a Ukrainian heavyweight boxing champion (Not necessarily of course!)

Numerous fake accounts have been created with the individuals claiming to be directors of companies. By day, they are the CEO of two or three different companies, by night they supplement their income by producing internet porn (Images have been taken from adult sites and used for LinkedIn). Unlikely perhaps, that CEOs would feel the need to do this.

Some fake LinkedIn accounts are very convincing

Not all fake LinkedIn accounts are suspicious. Many have extensive contacts, and a realistic profile. However often times that information has been lifted from other websites. Sometimes a photo will not have been used elsewhere online, but frequently the text has. One way of checking is to cut and paste small section of their profile and pasting it in Google. It may reveal that the data has been copied from a legitimate LinkedIn account or other social media site.

What is the Risk of Connecting with Fake LinkedIn Contacts?

There are a number of reasons why criminals go to the trouble of creating fake LinkedIn contacts. Spammers can use LinkedIn to obtain email addresses. Criminals can gain information to launch phishing campaigns and information can be gathered to commit identity theft. If a scammer can convince you they are genuine, they may create a fake job for you and get you to reveal some very sensitive information.

Of course the only way to be sure that you are not accepting fake LinkedIn contacts is to only connect with people you know, but that kind of defeats the whole purpose of the website. The answer is therefore to conduct a rudimentary check to make sure the person you are about to share information with is in fact genuine.

SpamTitan Technologies One of World’s Most Innovative Cybersecurity Companies

by G Hunt | April 12, 2015 | Spam News

Ireland may not produce many highly innovative cybersecurity companies, but Galway-based SpamTitan technologies is bucking that trend. The company has recently been rising up the ranks and has now taken its place among the best cybersecurity companies in the world, according to the latest Cybersecurity Ventures report.

Only four Irish companies have made it into the Q2 2015 edition of the Cybersecurity Ventures Cybersecurity 500 list: Netfort, PixAlert, VigiTrust and SpamTitan Technologies, with SpamTitan now having ascended to position 123.

This is a major achievement, with the company having previously been placed at 393 for the previous quarterly report. The massive jump in position has been attributed to the hard work put in by all members of staff, who are committed to providing the best possible service in the fight against cybercrime. The company can now be considered one of the best, and also one of the hottest new prospects in the world of cybersecurity.

Each quarter, Cybersecurity Ventures publishes its new top 500 list, which features companies from all around the world. Experts in the field of cybersecurity assess companies for the efforts made, as well as determining each company’s potential. CISOs, VCs and a host of security professionals provide their input for the reports.

Many similar reports tend to focus on the size of the company, turnover and profits achieved. This list is different as it is more concerned with potential and innovation. Founder and CEO of Cybersecurity Ventures, Steve Morgan, said, “We do not think a list of the largest cybersecurity companies is useful to our target audience of cyber and IT security decision makers, evaluators, and recommenders”. He went on to say, “They already know who the biggest vendors are. Instead, we give a nod to the hottest and most innovative companies.” It is, after all, these companies that really need the recognition.

The list contains all of the hottest new prospects and top performers, with the ranking based on each company’s merits and prospects. Ronan Kavanagh, CEO of SpamTitan Technologies is proud of the rise in position, and the value of the list. After hearing of the new position in the top 125 cybersecurity companies, he said, “We recognize the importance of being included on such a significant industry list as the Cybersecurity 500.” He went on to say, “At SpamTitan, our staff are assisting our customers on a daily basis in dealing with the constant threat of cyber attack, and this is now as important for the smaller businesses as it is for the fortune 500 company. We are delighted to be working with Cybersecurity 500 in highlighting the need for vigilance and raising awareness for all businesses.”

For further information, and to find out the full list of top 500 companies, visit www.Cybersecurity500.com

Facebook Hacks Compromise 145 Million Accounts

by G Hunt | March 9, 2015 | Spam News

Facebook hacking is rife and, if it happens to you, you are not alone. Unfortunately, there is no one to blame other than yourself. Facebook hacking is caused, in the vast majority of cases, by poor security practices and a lack of security awareness.

Facebook accounts get hacked because:

• Passwords are stolen in phishing attacks
• Two-factor account authentication is not used
• Passwords are shared across multiple sites
• Keyloggers have been installed on a computer used to access Facebook

If a hacker manages to obtain one password, chances are that same password is used on other sites. Criminals sell passwords online, and there are plenty of would be purchasers. Hackers even buy them on exchanges. Sharing passwords across sites is therefore very bad news, especially on sites that have poor security practices.

Fortunately, on Facebook at least, if you are hacked you can report it easily and should be able to recover your account.

A blocked Facebook account does not necessarily mean you have been hacked!

Facebook does frequently block user accounts. It does this as a security precaution, which is good for all users and offers some peace of mind. How often are accounts blocked? About 600,000 times a day, according to TechCrunch!

That is an awful lot of compromised accounts, yet do bear in mind that Facebook has over a billion users. So 600,000 represents just 0.06% of the total. Which is 6/10,000 if you prefer fractions to percentages.

When Facebook blocks an account is because the account has potentially been compromised. According to Facebook, this occurs when “we are not absolutely confident that the account’s true owner is accessing the account and we either pre-emptively or retroactively block access.”

This means that there is suspicious activity, Facebook often errs on the side of caution and blocks access. That could indicate an account has been hacked, or that action is being taken to prevent the account from being hacked. The good news is that when this happens, only the real owner can get the account unblocked. In theory at least.

When the figures of the number of blocked accounts emerged, the story was widely misreported in the media. Facebook was accused of a “shocking lack of security,” but the compromised account definition had not been read by many Facebook users, and even some reporters. Also bear in mind, that those 600,000 blocked accounts will include many false positives.

Determining exactly how many Facebook accounts have been hacked is rather difficult, unless you work for Facebook and have access to that data. It is possible however to come up with a fairly reasonable estimate, based on research conducted by security and market research firms. Their data can be used to get a reasonable estimate.

Take Statista’s figures for example. It conducted surveys on individuals who had been hacked, and 66% said they had had their Facebook accounts compromised. Then combine that with study data from Pew Research. The company determined that the volume of “internet users have had an email or social networking account compromised or taken over by someone else without permission” was 22%.

Using a simple calculation an estimate can be obtained: There are 1 billion Facebook users. 22% of individuals claim to have had an account hacked, and Statista says 66% of those were Facebook accounts. That works out at 145 million users, which should be a fairly reasonable estimate.

Fortunately, Facebook security is robust. A mobile phone is required as part of the account recovery process, so you would need to have lost that as well in order for your challenge question to be used to login. SSL certificates prevent network snooping, and the brute force approach will be prevented by Facebook’s security controls. But phishing scams are likely to leave your account open.

Fortunately, there are ways that you can protect yourself, and your Facebook account.

It can be difficult to avoid phishing scams, and all too easy to fall for one. One of the best defenses is to use Antispam software. SpamTitan’s software will prevent phishing campaigns from being delivered to your inbox. Parental controls at home, and web filtering controls at the office are excellent ways of blocking malicious links.

Unfortunately, not all access points have the above controls, so you will have to rely on common sense and become more security aware. For example:

• Never click on a link that appears to take you to an unfamiliar site.
• Never open email attachments sent from unfamiliar senders.
• Use different passwords – don’t share them between websites
• Use complex passwords, containing characters, capitals, and numbers
• Don’t share everything about your life on social media
• Change passwords regularly, certainly every 6 months
• Don’t reuse passwords
• Keep your anti-spam software, virusguard, and anti-malware programs updated, and scan regularly
• Set your account recovery options and security questions as if they were passwords

And remember, just because you have friends and family on Facebook, don’t let it create a false sense of security. You can never be sure how security conscious they are! Complacency is likely to leave you vulnerable to hackers.

If your Facebook account has been hacked, let us know. We want to hear your stories!

Phishing Emails Tripled in 2014, Says Kaspersky Labs

by G Hunt | February 15, 2015 | Spam News

Phishing emails may not account for a high percentage of total email traffic, but they are becoming more prevalent. In fact, since 2014 the growth of these malware spreading emails has tripled, according to a new report issued by Kaspersky Labs.

Kaspersky determined that the percentage of phishing emails in total email traffic is now 0.0071%. Compare that to spam emails which accounted for 66.34% of all email traffic in the first quarter of 2014, and the figure seems very small. However, the damage that can be caused by the emails is considerable. For some companies, the damage can be catastrophic. When phishing emails lead to financial losses, funds can rarely be recovered.

Phishing emails are becoming increasingly common, but spam appears to have declined a little. A fall of 6.42% was registered since the last quarter of 2013.

Social Media Overtakes Email as Main Method of Phishing Campaign Delivery

Phishing campaigns are frequently delivered to potential victims via email. A link to a malicious website is sent – often randomly – to individuals in the hope that they are fooled into clicking. That link will take the person to a website where they are required to enter confidential data such as login names and passwords. Oftentimes, visiting the website will result in malware being downloaded to the visitor’s computer.

Spam emails are still favored by cyber criminals in some countries such as China and South Korea; however, social media has now overtaken email as the main method of delivery of phishing campaigns according to Kaspersky.

This may not come as a surprise. Rather than hackers sending the campaigns to new victims, victims of phishing campaigns share the links voluntarily (and unwittingly) via Twitter and Facebook pages. Infecting new computers could not be any easier.

Infected email attachments are still a popular method of malware and virus delivery. If these attachments are opened, the user will install malware and viruses on their device.

Top Ten Malicious Programs Spread by Email

Even with the rise in popularity of social media for malware delivery, spam emails are still responsible for spreading a huge volume of malware. In Quarter 2 of 2014 alone, Kaspersky Labs were able to block an incredible 528,799,591 malware attacks. The volume of different types of malware is also astonishing. During the same period, Kaspersky Labs detected and blocked 114,984,065 unique potentially unwanted objects.

Many of the viruses and malicious programs are camouflaged to look innocent. Take the most popular malicious program used by cyber criminals as an example. Trojan-Spy.HTML.Fraud.gen appears to be a standard HTML page containing a form for online banking. When data is entered, the information is transmitted to hackers who are then able to use the information to gain access to users’ bank accounts.

Cybercriminals Earning over $100 Billion a Year

Cybercriminal attacks are increasing in frequency and severity, and this is unlikely to change given the huge sums of cash that can be obtained. According to recent estimates by the FBI, the proceeds of cyber crime are in the region of $100 billion per year. The bad news is that criminals are devising ever more sophisticated ways of attacking organizations, and many of those organizations are ill-prepared to deal with the risks. Oftentimes even basic security measures against cyber attacks are found to be lacking. This is due to extremely limited IT security budgets, which hamper efforts to deal with all the threats.

Many organizations do not have clear and concise IT security policies in place, and do not place an individual in overall charge of cybersecurity. Sometimes there is not even a dedicated IT security professional employed and many organizations are still not providing all members of staff with security awareness training.

A failure to employ the appropriate staff, allocate sufficient budgets to IT security and train the staff can prove very costly indeed. Lost and stolen data, system downtime and drained bank accounts result in far heavier losses than the cost of implementing security measures to prevent attacks. Even the cost of new IT security staff will pay dividends in the long run.

Staff Security Awareness Training is Critical

Spam emails and phishing campaigns generally have one of two main aims: To trick users into revealing sensitive information or to fool people into downloading and installing malicious software and code. The latter allows hackers to take control of computers and infiltrate networks.

Spam and phishing emails can be very convincing, yet there are a number of tell-tale signs that emails are not all they appear to be. By providing training to staff members on these tell-tale signs, the risk of employees falling for a scam can be drastically reduced.

Email Security Solutions Must be Employed to Protect Sensitive Data from Attack

Can you be sure that staff members will be vigilant and security aware? Unfortunately, even with training, employees will make mistakes. They are human after all. It is therefore important to install security solutions that will limit the volume of spam emails that are delivered to employees’ inboxes.

One of the best solutions is a spam filter such as SpamTitan Anti-Spam. This data security solution has now been employed by IT security professionals in over 120 countries around the world. They benefit from being able to block over 99.7% of spam emails.

Since SpamTitan uses two separate anti-virus engines (Bitdefender and Clam AV) the catch rate is particularly high. Furthermore, SpamTitan includes an anti-phishing module as standard that filters out emails containing links to known malicious websites. This further reduces the risk of an employee accidentally clicking on a link and downloading malicious software. Consequently, SpamTitan is one of the best investments to protect against cyber attacks.

Human Behavior Being Exploited By Phishers

by G Hunt | August 20, 2014 | Spam News

Cyber criminals are using phishing to lure web visitors into revealing their sensitive data. Internet surfers are presented with a baited hook, which draws them into revealing login names, passwords, security keys and other valuable data.

The technique can be employed by individuals with little to no hacking skill, luring users to a malware-ridden website in exchange for payment. There are plenty of would-be criminals looking to make a quick buck, and since the campaigns can be so effective, online thieves and criminals are increasingly using this technique to make money.

Many online criminals use phishing in random campaigns sent via email. There is little skill involved. It is simply a numbers game. If enough emails are sent, sooner or later someone will respond and fall for the bait. However, we are now seeing much more sophisticated campaigns launched.

It used to be easy to spot a phishing email. They were littered with grammatical errors and spelling mistakes. Images were used that were clearly fake, and the emails would only fool the most unsuspecting computer user. They claimed victims, nonetheless, but only a few.

Some of the phishing emails now being sent are extremely convincing and very difficult to identify. Even well trained, security-conscious IT professionals have fallen for some of the scams. The reason? They work by exploiting traits in human behavior and use techniques that are particularly effective at drawing the required response.

Human Traits Successfully Being Manipulated by Hackers

Cyber criminals are exploiting human behavior to get users to click on links to malicious websites or open attachments. They rely on common traits that are all but guaranteed to get the desired response. The male of the species, for instance, is easily tricked into opening an apparent JPEG file if he is promised a glimpse of bare female flesh. An offer of sex from an unknown admirer can also work particularly well.

Not everyone is motivated by sex. For others the promise of financial gain does the trick. Criminals exploit greed to get users to click on a link. A money making scheme, or a hot stock tip, can entice many people to click on a link. Curiosity is also exploited. Major news events, conspiracy theories, celebrity news, and information on natural disasters have all been used by email spammers and scammers to get people to visit a malware site or open an email attachment.

Even the sense of duty has been exploited. Emails are sent from the accounts of work colleagues, bosses, civil authorities or law enforcement officers. These are effective at fooling users into complying with requests.

By exploiting human traits and evoking emotions, recipients of these scam and spam emails swallow the hook, and often the line and sinker too.

Spear Phishing: Effort Put in is Rewarded with More Victims

The sending of millions of mistake-ridden emails results in very few individuals falling for the scams. When email spam filtering software is employed, the filters will prevent these emails from even being delivered.

However, a little research goes a long way. Phishers who invest time into researching victims can see the time they spend on the campaign really pay off. A search on social media will reveal a considerable amount of information on an individual. Employers can be found on LinkedIn, Facebook can be used to find out friends’ names, and Twitter exploited to find out a user’s interests.  With this information, highly effective campaigns can be developed.

These phishing campaigns are referred to as spear phishing. As the name suggests, the hacker goes after one fish. These campaigns can be incredibly effective as they exploit trust. If an email is sent that appears to be from a friend or colleague, it is far more likely to be opened. But how is this possible?

SMTP Weaknesses Are Exploited by Phishers

Unfortunately, the SMTP protocol contains a security weakness. Hackers can exploit this weakness to mask the true sender of an email and the return address. To the casual viewer it appears that the email has been sent from a known individual, and even replying to the mail appears to direct it to the correct mail recipient.

Fortunately, a spam or phishing email is not dangerous. It requires an action to be taken by the recipient. Deleting such an email will delete the risk. Only opening the attachment, downloading it, or visiting a link contained in the email will result in the delivery of malware, a virus or the installation of malicious code.

Unfortunately, while most employees know never to double click on a file with a .exe extension, file extensions can be all to easily masked. They can be made to appear as a PDF file or JPEG, or other supposedly innocent file type. Without training, users are likely to open these attachments, and unwittingly activate the executable file.

The way to prevent users from clicking on links and opening attachments is to provide them with security awareness training. Teach staff members how to identify phishing campaigns, and they can check the genuineness of emails before they take action. Developing a culture of security awareness is therefore essential in the fight against cyber crime.

Blocking the emails with a spam filter is even better. That way, the email will never be downloaded and delivered. Unfortunately, from time to time emails do slip through the net. When that happens, employees must know how to react.

Training is therefore important even if a robust and reliable spam filter is used. After all, it is best to be shown how to deal with a phishing email that never arrives than to fall for the first one that gets past a spam filter.

Do Hackers Ever Get Caught and Punished for Their Crimes?

by G Hunt | August 6, 2014 | Spam News

The news is full of reports of data breaches that have been suffered by companies and even governments. Numerous media reports detail how hackers have managed to obtain tens of thousands of confidential records, or in some cases, tens of millions or more. However, it is rare that a hacker is caught and brought to justice for the crimes committed.

Recently, a hacking group in Russia was reported to have stolen a staggering 1 billion passwords. If that was not shocking enough, the authorities know the individuals are located in central Russia. They are also in their early 20s. If they have been identified, why have they not been arrested?

Bringing hackers to justice is complicated

In this case, there are problems because it is the United States that wishes to take action. The crimes were committed against Americans but some countries are unwilling to turn over their own citizens to other countries. In this case, should the criminals be tried in Russia or in the United States? Where should justice occur, where the crimes were committed or in the country most affected by the crimes? Should hackers be extradited?

If there is no treaty in place between two countries, hackers will be tried and sentenced (or not) in their own countries. The United States has tried to get five Chinese hackers extradited and brought to the United States to face trial. They worked for the Chinese military. China is unlikely to take any action, and certainly will not release them to the United States. The individuals are believed to be behind attacks on Alcoa, U.S. Steel and Westinghouse, as well as on other U.S. firms. The criminals were indicted, but that is as far as the U.S. got. They are very likely working on new hacks against U.S. companies.

In some cases, hackers do not need to be extradited. The FBI has previously tricked hackers into coming over to the United States voluntarily. By doing so the tricky issue of extradition has been avoided. The FBI set up a job interview for two hackers using a fake Seattle company. The pair, Alexey Ivanov and Vasily Gorshkov, arrived for the interview and were promptly arrested. The latter received a sentence of 3 years, the former got 48 months.

Spam email kingpin sent 30% of all junk emails!

If you are a cybercriminal or spammer and you have launched attacks on Americans, it is a wise move never to visit the country. However, some just can’t resist. When visiting a car show in Las Vegas in 2010, Russian super-spammer, Oleg Nikolaenko, was arrested and charged for his crimes. He had used a botnet to send the spam emails. That botnet included a staggering half a million computers. Even more staggering was the volume of emails he sent. An estimated 10 billion per day. He is awaiting trial.

Hackers are very good at hiding their real identities and consequently can be difficult to locate. It can be even harder to bring them to justice.

It should come as no surprise to hear that many successful hackers are based in countries that offer protection against extradition to the United States. Unless there are international laws signed, and more cooperation between countries to tackle the global problem of cybercrime, they are unlikely to be tried and sentenced for their offenses.

233 Million Customers Affected, Yet eBay Fails to Notice 3-Month Data Breach

by G Hunt | May 29, 2014 | Spam News

eBay customers have started to receive emails advising them to change their passwords. Their user names and passwords have been obtained by hackers, and a new password must be set for security reasons.

Unfortunately for many eBay account holders, the requests to change passwords have not been sent by eBay, but by phishers. The emails contain a link to a website which looks like eBay, but it isn’t. It is a fake website devised to get users to reveal their current passwords. This sneaky phishing campaign is likely to catch out many eBay account holders.

Data breach was suffered, but not identified for 2 months

In late February/early March, three employees of eBay had their login credentials compromised in a cyberattack. The cybercriminals used the login credentials to access a database containing the names of 233 million site users. Phone numbers, addresses, email addresses, dates of birth, and customer names were stolen, along with encrypted passwords.

In early May, eBay became aware of the breach, two months after it occurred. The company then waited a couple of weeks to make the announcement. The delay was because eBay didn’t realize that account information had actually been stolen. It took the best part of a month to realize data were actually stolen in the attack. Fortunately, PayPal information was not compromised and neither was any financial information.

A breach that does not involve bank account details or credit card information being exposed can still be serious and, in this instance, eBay account holders are at risk.

Passwords may have been encrypted but hackers I’ll be able to guess some as they have a lot of personal data. Dates of birth for example. They are often used as passwords. Since email addresses were obtained, the victims that have not had their passwords guessed are now being spammed with phishing campaigns.

Most customers will be aware of the exposure of their data and as a result, they may believe the phishing emails to be genuine. If they do, they will inadvertently reveal their passwords when they attempt to change them.

Investigations launched into the eBay data breach

Investigations into the eBay data breach have now been launched by state attorneys general in three States – Connecticut, Illinois and Florida. In Europe investigations are also being conducted. The attorney general of New York has spoken out about his expectations. He believes credit protection services should be offered to breach victims without charge. At the present moment in time, eBay has no plans to offer any risk remediation services to customers.

eBay has been criticized for the slow identification of the breach, as well as the slow response when it was discovered. Initially there were no victims, then there were 145 million. eBay finally settled on 233 million accounts.

It may not be a problem for spammers to send 233 million emails, but for eBay that has taken some time. The company tweeted news of the breach, but email notifications took a considerable amount of time to be sent. This may have resulted in more individuals responding to the phishing requests.

eBay breach victims must exercise caution

A data breach of this magnitude, affecting a company as large as eBay, is worrying. How good were the security measures it had in place? Why was the phishing campaign not identified before three people responded? Why were the phishing emails not blocked and prevented from being delivered? Only time will tell.

Since information has been compromised, and hackers are now attempting to guess passwords based on the personal data they have acquired, it is a wise security precaution for account holders to login to the site directly and change their passwords. They should not respond to an email, as it may be a phishing campaign.

Hacked Domain Takes Down ISP and Results in Customer Exodus

by G Hunt | May 26, 2014 | Spam News

Unfortunately, all it takes to lose swathes of customers and destroy the reputation an ISP is for a single email spammer to get a block of your IP addresses blacklisted by a number of ESPs and RBLs. It is a nightmare scenario, yet it is one that could all too easily play out.

Customers using any of the blacklisted domains would have their outbound emails blocked and, if they cannot send emails, they will leave in their droves for another provider. Perhaps even worse than losing those valuable customers will be the comments they invariably post all over the Internet. Negative feedback can seriously damage a company’s reputation and it can take a long time for a damaged reputation to be restored.

There are steps that can be taken to at least temporarily fix the situation. The IP addresses affected could be swapped, and netblock could be used as a temporary fix. Unfortunately, recovering blacklisted IP addresses is a very slow process. During this time, other IP address blocks could be lost.

Managing risk is difficult. It is possible to set limits on the number of emails that can be sent by a particular domain. Alerts can be configured to identify a domain that is being used to send spam, and it may be caught in time to prevent blacklisting. IP netblocks can be changed should it not be possible to prevent a domain being blacklisted by ESPs and RBLs.

The process of undoing the damage caused by spammers is a nightmare as well. New domains must be warmed up, and efforts made to ensure they are operated within acceptable ESP limits. Otherwise they will just get blacklisted again and the process must restart.

Fortunately, there is a solution that can be adopted by MSPs and ISPs that can prevent blacklisting. Install the latest version of SpamTitan!

SpamTitan v6.3 includes outbound email filtering

SpamTitan will prevent spam emails from being delivered to inboxes; however, version 6.3 also includes a sophisticated and powerful outbound email filter that can be used to prevent spam emails from being sent from accounts. If a domain is hijacked and used to send spam emails, or is used by an individual within your organization, the emails will be blocked and the ESP will not be alerted.

SpamTitan v6.3 uses the same identifiers to clean and filter outbound email as it does for incoming spam. System administrators can set rate limits by email address, IP address range, or domain.

If an organization needs to send a high volume of emails, to avoid inadvertently causing problems with an ESP, a pool of IP addresses can be used to send email and these can be rotated. This allows risk to be effectively managed. Damage to the reputation of IP addresses and the business itself can be easily prevented.

Any MSP providing multiple client domains can implement SpamTitan v6.3 and ensure that emails are sent safely, while the risk of blacklisting is kept to a bare minimum. The Anti-Spam solution will also ensure that incoming emails are cleaned and spam is quarantined, while the Anti-phishing module will protect against malicious attachments.

Phishing Warning Issued as Sophisticated Careto Virus is Discovered

by G Hunt | February 18, 2014 | Spam News

The expert researchers at Kaspersky Labs have been hard at work this winter uncovering new malware threats, viruses and malicious code that threatens computers, mobile phones, servers, and corporate networks. However, what has recently been discovered is very worrying indeed. A new and highly malware named the Careto virus.

This is not a run-of-the-mill virus. It is nasty, very sophisticated, and consequently, probably the work of government-backed hackers. The Careto virus came from a previously known location, one that has produced a similar virus not so long ago. Kaspersky discovered the new virus and took rapid action to neutralize the threat.

Kaspersky Labs has already produced a detailed description of their discovery after conducting a detailed forensic analysis. That said, some techniques used to explore the nature of the virus were not particularly sophisticated and could be performed by any IT professional.

Kaspersky used “strings” – a Linux program that can be used to explore executable files – to extract text from the file. What they found was a series of instructions in Spanish, together with the name assigned to the new virus: Careto.

The name “Careto” is colloquial Spanish for “ugly face”, the corresponding name in English being “ugly mug”. It doesn’t translate as disaster, but it might as well do. This virus wreaks havoc.

Hidden inside this virus is a rootkit and a bootkit. The malware is particularly nasty and versatile, containing a Linux version, Mac OS X, and it is presumed it would also work on Android phones and the iOS system. It is very sophisticated in nature, and because of its complexity it has been suggested it is not the work of a bored, skilled teenager coding away in a bedroom. The complexity suggests that a considerable amount of time and effort has been put in to developing the virus. The Careto virus is capable of working on multiple systems at once, which Kaspersky suggests makes it the work of a team of hackers, not one individual.

Kaspersky investigated the Careto virus and started monitoring command-and-control (C&C) servers that were known to be used by hackers. This enabled the researchers to determine that the virus is proving to be effective. It has already infected over 380 computers, with those infections discovered in 31 countries around the world. The Careto virus appears to have been used to target specific organizations, and has been discovered in government organizations around the world, in particular, foreign embassies. Oil companies, gas companies, private equity firms, and research institutions have also been targeted.

The virus is primarily being spread by spear phishing campaigns. The targets have been sent links to fake versions of popular newspapers, including The Washington Post, as well as the Spanish Newspapers, El Pais, El Espectador, Publico and El Mundo.

The link contained in the phishing email has been masked, with users fooled into thinking they are actually visiting the genuine periodicals. The virus has also been discovered to have been used to infect computers via a security vulnerability in Adobe Flash (The 2012 version). Flash is used on a number of (typically older) websites to display advertising and video files.

Users may be wary of double clicking on emailed executable (.exe) files, but what about harmless picture files such as JPEGs. The executable file was found to reside in apparent JPEG files. The names, chef.jpg, waiter.jpg and dinner.jpg having been used to make them appear innocent.

What Does the Careto Virus do?

The types of individuals targeted thus far gives a clue as to what the Careto virus does. Its aim is to collect highly sensitive information, which it does by intercepting all communications channels used on the victims’ computers.

It “listens” in on Skype calls, chat sessions, and records and exfiltrates data from the infected device. Passwords are stolen, and encryption keys, bank account numbers, email addresses, phone numbers, and all manner of sensitive information obtained by hackers. This data is sent to the hackers’ command and control servers, one of which was discovered to reside on one of the IBM-owned Softlayer cloud service provider’s servers.

Unfortunately for the infected, detecting the virus is difficult. This is because it has stealth rootkit capabilities, cyber-espionage modules and other functionalities to help it avoid detection. After discovering and analyzing the virus, Kaspersky was able to track infected computers.

Fortunately, AV definitions have now been updated to spot the Careto virus, which incidentally, is blocked by SpamTitan Anti-spam software. SpanTitan is able to prevent this nasty virus from being delivered to your inbox.

7 Ways to Lockdown Network Security by Changing User Behaviour

by G Hunt | September 23, 2013 | Spam News

Security technologies are some of the most advanced technologies, but security itself must be combined with good business and user practices to work effectively. No matter how advanced and well implemented the technology is, it is only as good as the methods used in using and managing it.

• Acceptable use policy – what network activities are allowed and which ones are not

To protect employees, customers and suppliers all members of staff should be given a copy of the company’ s policy for acceptable use of IT resources including Internet and email.  Often this forms part of the contract of employment. Having an acceptable usage policy in place helps protect the organization from exposure to malware and web threats as well as helping in disputes with employees.

• E-mail and communications activities

To help minimize problems from e-mails and attachments, informing user behavior is key. Robust email and web security, coupled with appropriate user training and security procedures, are absolutely essential to the protection of corporate data, financial and other electronic assets. Without adequate solutions and controls, cybercriminals can exploit gaps in security defenses and cause serious damage to an organization.

For example:

1. On Christmas Eve and again on December 26th, 2012, cybercriminals used malware installed on a local PC at Ascent Builders to transfer $900,000 from the company’s Bank of the West account. The theft was followed shortly after by a major distributed denial-of-service (DDoS) attack on the bank, presumably to conceal the theft of funds.
2. In December 2012, cybercriminals added 11 bogus employees to the payroll of Niles Nursing, Inc. by using the company controller’s login credentials. Using ACH payments from Niles’ bank account, the criminals initially transferred $58,000 in funds to these individuals, who were to wire the funds to contacts in Russia and Ukraine. In total, approximately $170,000 was stolen from the firm.
3. A study conducted for the UK Cabinet Office found that the loss of intellectual property – much of it the result of malware and other forms of cybercrime – costs British organizations upwards of £9.2 billion annually.

• Antivirus policy

To help protect networks against threats such as viruses, worms, and Trojan horses, companies need to implement anti-virus protection on all company devices – specifying what anti-virus software is installed and what interval they are scheduled to run at. In addition, the anti-virus software and the virus pattern files must be kept up-to-date. Virus-infected computers must be removed from the network until they are verified as virus-free. System Admins are usually responsible for creating procedures that ensure anti-virus software is run at regular intervals and computers are verified as virus-free. Any activities with the intention to create and/or distribute malicious programs into the company (e.g. viruses, worms, Trojan horses, e-mail bombs, etc.) should be clearly stated as prohibited, in accordance with an Acceptable Use Policy. Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

• Identity policy

To help safeguard the network from unauthorized users, current corporate policies surrounding network security often neglect the most critical and weak security component: the human element. An organization’s overall security is only as strong as its weakest link – the user. Environments with disparate sources of identity information have different approaches for organizing user entries, security practices and access control. Internal identity issues can be complicated and need clarifying in a policy format.

• Password policy, to help employees select strong passwords and protect them

A complex security system won’t matter if a hacker or phisher gets a hold of an employee’s password. If you take a laissez-faire approach to creating and protecting passwords these type of security breaches are more likely to happen. Smart password practices require next to no budget. They don’t need to take up much time either when formalized in a company policy. Password policy is often overlooked, but it’s a very important part of keeping secure in an online world.

• Encryption policy, to provide guidance on using encryption technology to protect network data

A common scenario occurs when a company with a security policy in place directs the use of encrypted USB storage and distributes these devices to its users. After time it becomes apparent the company is still at risk from a data breach because users continue to use unencrypted USB keys. This company had a security policy in place and they issued encrypted devices yet still there’s a data breach that they must deal with. An encryption policy will not work unless users understand their role in protecting company data. It’s important to have an encryption policy but it’s just as important to have an encryption policy that can be enforced and is easy for the end user to adhere to. The hard part in this process is that it often requires a behavior change, the secret to success is showing employees how they benefit from tighter network security. Cybercrime and phishing attacks most commonly originate with an employee clicking a link to a website hosting malware, opening a file attached to an email that contains malware, or simply just giving up corporate information when asked via a phishing email or website. Such information can then be used as the basis for a sophisticated phishing attack or may be sufficient to get the scammer what they need. There is no silver bullet, but these threats can be mitigated against by training the workforce to identify, prevent, and report such attacks in a timely manner.

Death of Hugo Chavez Used as Bait in New Email Scam

by G Hunt | March 10, 2013 | Spam News

Cyber criminals often take advantage of major news stories to launch new spam and phishing campaigns. Email subject lines containing news headlines are more likely to be opened by email users. A percentage of individuals who open the emails will click on the links contained in those emails or open the attachments.

One of the latest email scams uses the death of Hugo Chavez to get users to open spam and phishing emails. Unfortunately, curious individuals are likely to end up compromising their computer, and even the network to which it connects.

The latest spam campaign takes advantage of users’ curiosity with a good old conspiracy theory. In this case, the theory is that the FBI or CIA were behind the death of Venezuelan president, Hugo Chavez.

Researchers at Kaspersky Labs intercepted one of these spam emails and investigated. The email directed users to a website containing malicious software. Visiting the link would result in the user’s device being infected using the BlackHole 2.0 exploit pack. This would happen without the users’ knowledge. In this case, the malware was widely known. According to Kaspersky Labs, when the link was clicked “The payload dropped was not disclosed; however, 8/46 antivirus programs were able to detect the exploit code.”

The Aim of Many Spam Emails is to Infect Devices with Malware

Kaspersky Labs AV engine is used by SpamTitan to detect emails containing malware or malicious links. The anti-virus giant keeps its virus definitions database up to date and checks for the signatures of the latest malware and viruses to be discovered.  The company has already identified a number of Hugo Chavez email scams doing the rounds, all of which have the purpose of delivering malware to unsuspecting email users.

The emails take advantage of people’s curiosity and direct users either to fake websites or genuine websites that have been hijacked and loaded with malware. Oftentimes the emails contain attachments containing malicious code. Opening those attachments will similarly result in users’ systems being compromised.

The latest emails are nothing new. Spammers and hackers often take advantage of major news events to get their malicious emails opened. Major sporting events, celebrity news, weddings, deaths, elections and natural disasters usually spawn a wave of new spam emails. Cyber criminals are devising ever more complex campaigns to fool users into installing malware or revealing their sensitive information.

Unfortunately, the problem is likely to get worse. As long as it proves profitable to send these spam email campaigns and phish for information, there will be criminals who are more than happy to commit time to developing the campaigns.

Fortunately, it is possible to lower the risk of becoming a victim of the spammers by following some simple rules and being vigilant.

Guidelines to Avoid Becoming a Victim of a Phishing Attack

•  If you don’t know the sender of the email, don’t open it. Mark it as junk or delete it
• Never open an attachment sent by someone you do not know
• Never click on a link in an email unless you are sure it is genuine
• Never unsubscribe from an email newsletter or service that you have not subscribed to – Doing so will just confirm to hackers that your email address is valid. This will likely see you targeted by even more spammers
• If you receive a special offer that you are interested in, visit the website of the vendor directly to check the validity of the offer. DO NOT use the link contained in the email
• Ensure your anti-virus and anti-malware definitions are up to date
• Develop a culture of security awareness in your organization – The majority of security breaches come as a result of employees falling for a phishing campaign or responding to spam emails
• Install a robust spam filter to prevent spam from ever reaching inboxes
• Use web filtering to prevent users from visiting known malware and phishing websites

Cyber Monday: A Time for Bargains and Financial Ruin

by G Hunt | November 25, 2012 | Spam News

Cyber Monday is one of the busiest online shopping days of the year, in fact the four days from Black Friday to Cyber Monday see huge volumes of people head online rather than travel to the shops.

This period is the busiest time of year for online shopping, with millions of shoppers going online to buy presents for Christmas. Over $1.5 billion is expected to be spent online on this single day, according to figures from ComScore. That represents a 20% increase in spending year on year. Ever since 2005 – the first Cyber Monday – online criminals have taken advantage of the unsuspecting. This frenetic period of shopping sees many internet surfers and bargain hunters let their guard down.

There are bargains galore, huge discounts to be had and a small fortune can be saved. However, it is a time when users and businesses need to be particularly vigilant. Financial ruin awaits the unwary. Spammers, scammers, phishers and other cyber criminals are very active during this four-day period and are waiting to take advantage of Internet users that do not take precautions.

Retailers do tend to concentrate efforts on Cyber Monday, but that is not to say that the remaining days in the run up to Christmas will not be busy. Cyber Monday is just the start of a long spell of intensive online shopping.  Cyber criminals are aware of this. Individuals failing to take care could well become victims of fraud and identity theft. A high percentage of victims are created during the period from Black Friday to Christmas Eve.

A cybercrime report issued earlier this year suggests that 431 million adult victims have become victims of cyber crime in the past 12 months. The global losses from online criminal activity have now reached an incredible $114 billion a year.

Shopping Frenzy Sees Basic Email Security Measures Forgotten

Cyber Monday is not a holiday. It is just a particularly busy day for online shoppers. Since people are at work, the time available for online browsing is therefore limited. Time pressures combined with amazing bargains is only a good mix for online scammers. They take advantage of lapses in security precautions that inevitably occur when shoppers are concentrating on special offers and discounts.

Scammers use this time of year to send huge volumes of spam emails containing links to exclusive deals and special offers. Email attachments are commonly sent containing vouchers providing even greater savings. This is not just a problem for shopping addicts. Employers face an elevated threat of having their networks compromised during this busy period. According to recent research, 80% of all online shopping occurs during working hours, with employees sneaking online while at the office.

Employers must therefore ensure that their employees are not taking unacceptable risks that could compromise their computers and networks. Should malware be downloaded, or phishing links clicked, the consequences could prove to be catastrophic.

Should Access to Shopping Sites Be Banned at Work?

Human resource consulting firm, Robert Half Technology, recently conducted a survey that showed CIOs do not typically block access to internet shopping sites from the workplace. 77% of CIOs allowed fairly free access to the internet from work, with only 23% of CIOs banning online shopping. However, that said, internet access is closely monitored and action taken against employees found to be excessively surfing and shopping from work computers.

By permitting casual internet surfing and online shopping at work, CIOs are allowing employees to potentially engage in risky behavior. Many choose to reduce the risk of users visiting phishing sites by restricting access to the internet to secure websites only. This is often achieved by implementing a web filtering solution, which prevents employees from visiting specific websites or certain types of websites.

This is arguably one of the best methods of protecting business networks, without placing too many restrictions on the staff. Internet access can be allowed, which leads to happier staff, yet networks can be protected from phishing websites, viruses and malware.

The use of anti-spam filters will similarly prevent spam emails from being delivered to inboxes, further reducing the risk of employees clicking on links and opening attachments that could compromise a network. If these email security measures are employed and security awareness training is provided, the Black Friday to Cyber Monday period can be enjoyed safely. Many data security headaches will also be prevented.

Customers Seek New Provider as Postini & Webroot Exit Email Filtering Market

by G Hunt | August 30, 2012 | Spam News

The news that Google will pull the plug on Postini spam filtering software may not come as a shock to the 26 million businesses and consumers who use the product to keep their inboxes clear of email spam. There have been rumors circulating for a while now about the Postini Anti-Spam pull out. However, now it is time to actually start looking for an alternative email spam filtering provider, as the rumor has been confirmed as being true.

Google is attempting to move all Postini customers over to Google Apps, which the search engine giant hopes will be a smooth process. Not all Postini customers will welcome the move. For them, they will need to put effort into assessing the alternative spam filtering to Postini and will need to choose another vendor.

Google Apps may offer email security solutions but there are drawbacks, the main one relating to privacy. Google does like to know everything about its customers and many organizations are unhappy about giving Google so much information about them and their business.

A new Anti-Spam solution is critical

Since email spam filtering is a critical business system, there cannot be a gap between the termination of the Postini service and the implementation of a new spam filter. Due to the volume of spam emails now being sent, inboxes are likely to be swamped with spam the second the Postini service expires. Spammers are likely to seize the opportunity and send out even more emails hoping to capitalize on the gap in service that many companies may experience.

Changing provider is a pain. Small enterprises are typically short staffed and switching any service provider means a lot more work needs to be done. When staff are already stretched and overworked, the time needed to assess new service providers and install and test a new Anti-Spam system must be found from somewhere.

It doesn’t take a long time to change an MX record, but changes allow errors to creep in. If a period is entered in the wrong place it could result in the email system grinding to a halt. Email crashes can take a long time to resolve.

Postini’s exit from the email filtering market may not be a shock, but Webroot customers are likely to have one. They too will have to find a new Anti-Spam service provider. It would appear that by the end of 2013, Webroot will also be pulling the plug on its anti-spam products.

SpamTitan is the natural choice for soon to be ex-customers of Webroot and Postini

SpamTitan email filtering solutions are an ideal alternative for Webroot and Postini customers. SpamTitan is an up and coming company that is growing at an impressive rate. The company has now topped the honors list in recent industry awards – SpamTitan has just been voted the Number 1 Anti-Spam solution in July’s Virus Bulletin Test – and in addition to an impressive catch rate and low false positive rate, its anti-spam solutions represent excellent value for money.

SpamTitan advantages

Businesses located in over 100 countries around the world have adopted SpamTitan as their preferred Anti-Spam solution. The company’s products are highly effective at blocking spam email, with SpamTitan filters preventing 99.97% of spam emails from being delivered thanks to the powerful dual AV engines at the heart of the software. Tests have shown a false positive rate of virtually 0%, and additional protection is also provided by an anti-phishing module.

Summary of benefits of SpamTitan Anti-Spam solutions

• Catch rate of over 99.97% – Fewer spam emails will be delivered
• Virtually 0% false positive rate – Genuine emails will not be caught in its filter
• Dual AV engines employed– Bitdefender and Clam Anti-Virus stop more spam
• Anti-phishing capability – Anti-phishing protection to prevent malware infections
• Multiple deployment choices – Choose from ISO, SpamTitan on Demand, and VMware
• Competitive prices offer cost savings over competitors
• Seamless migration from existing Anti-Spam service providers
• Excellent customer service

For further information on migration, pricing, and implementation timescales, just give the SpamTitan team a call.

Refuse to Pay a Ransom: Expect a Wave of Phishing Attacks

by G Hunt | June 20, 2012 | Spam News

Ransomware is all the rage these days. Employees are fooled into downloading malware onto work computers, and hackers lock company data with powerful encryption software. Once encrypted, the data can only be accessed by using a security key. Unfortunately, they are all held by the hackers and will not be released unless a ransom is paid. Agree to pay the ransom and the data will be unencrypted. There is no guarantee that this will happen of course, but companies are often given no choice.

Ransoms are also demanded following the theft of corporate data. The criminals responsible are not looking to use the data personally. They just want a quick and easy payout. AmeriCash Advance, a well-known U.S. Pay Day loan provider, was recently attacked and had customer data stolen by a hacking group called Rex Mundi.

The group asked for a ransom to be paid, but AmeriCash refused to give in to the demand for $15,000. The company had been warned that if it didn’t pay up the stolen data would be posted online. Loan applicants and the company’s customers would then have their financial information sent out via Twitter and social media networks. This would place those individuals at a high risk of suffering fraud, having their identities stolen, or being targeted by phishers and scammers. That would likely result in customers taking their business elsewhere.

The refusal to pay means that is likely to now happen. Previous applicants for loans and AmeriCash customers must therefore be on their guard.

How much risk do victims face?

The level of risk depends on the data that have been stolen. If credit card numbers, full bank account information, Social Security numbers and account logins have been compromised, the risk of identity theft and fraud being suffered will be very high.

Any individual affected would need to put a credit freeze on their accounts, register for credit monitoring services and be extremely careful responding to emails and divulging any information. In the case of the latest attack, individuals had the last four digits of their Social Security numbers exposed, the amount of money they requested or had had loaned, and their names and email addresses. In this case only a small quantity of data was stolen and, although customers are still at risk, it could have been a whole lot worse.

Any person in possession of the data is unlikely to be able to steal the identities of the victims without obtaining further information. The first 5 digits of the Social Security number for example along with a date of birth. Criminals who have purchased data will likely attempt to obtain the further details they need. For that they will use phishing scams. These aim to fool users into revealing sensitive information and the campaigns can be very convincing.

What can be done to reduce risk following a successful cyberattack?

According to a report on CNet, AmeriCash did what all companies should to. The company made sure that its systems were secured to prevent further attacks. The relevant authorities were contacted and law enforcement agencies were notified.

Customers also needed to be advised that their data have been compromised and warned of the risk of phishing campaigns. That process was also performed.

Offering affected individuals free credit monitoring and identity theft resolution services can help reduce fallout. Some state laws demand that this is offered if Personally Identifiable Information (PII) or Protected Health Information (PHI) is exposed.

It is also wise to increase security measures to prevent future attacks. Web filtering solutions and anti-spam protection can reduce the risk of suffering data breaches. It can also prevent employees from falling for phishing campaigns that give hacking groups the information needed to gain access to corporate networks.

SpamTitan to Benefit from Webroot Email Security Market Exit

by G Hunt | February 23, 2012 | Spam News

Following the news that Boulder-based Internet security company, Webroot, is set to leave the email security market, many IT security professionals have started looking for an alternative solution to deal with their organizations’ spam problems. A great many IT security professionals will be sorry to lose Webroot email security products, having relied on their protection for a number of years. Webroot email security solutions were popular and effective.

Two months previously, Webroot was reported to be looking to leave the email security market, and is to retire support for its products as 2013 comes to a close. A lack of support means a change will be necessary for any company currently running Webroot email security solutions if they are to keep their email systems protected. Fortunately, SpamTitan is well positioned to take up the reins.

The company offers industry leading cloud-based anti-spam service tailored to the needs of individual businesses. Not only do the company’s products boast a high success rate – blocking over 99% of spam emails – they also have a very low false positive rate.

SpamTitan also boasts one of the most competitive pricing models of any anti-email spam service. With IT security budgets stretched to breaking point already, this will come as very welcome news to CIOs, CISOs and IT security professionals.

SpamTitan Enterprise Anti-Spam Solutions

To date, SpamTitan has been deployed in over 100 different countries around the world, with IT security professionals choosing the company’s products for their exceptionally high spam catch rates. The products have consistently scored highly in independent anti-spam tests, and boast a catch rate in excess of 99.97%. The high catch rate is achieved, in part, by using dual AV engines. This ensures that if one engine fails to catch a spam message or phishing email, there is an excellent chance that the second engine will. The two industry-leading AV engines used by SpamTitan are those developed by Bitdefender and Clam Anti-Virus.

Additionally, the products have a false positive rate of virtually 0%, with next to no genuine emails mistakenly caught up in the spam filters. Businesses can therefore use the products with confidence, knowing that important, genuine emails will be delivered to the correct recipients. As a result, IT professionals will not be bombarded with requests by employees to look for expected emails that have not been received.

SpamTitan is much loved by users because of the ease at which the company’s solution can be implemented. System administrators love the products for the easy-to-use interface and level of customization possible. This allows tweaks to be made to suit each organization’s needs and requirements. Multiple deployment options are also offered, such as ISO, Vmware, in addition to the ever popular SpamTitan On Demand.

The products also boast excellent protection from phishing emails thanks to a powerful and robust anti-phishing email module. Phishing emails are a growing threat to network security, and with higher volumes of malicious emails now being sent, this is a very important feature to help ensure network security.

Need to Switch from Webroot to Another Anti-Spam Service Provider?

Any organization looking to make the switch from the soon-to-be unsupported Webroot to a new anti-spam solution provider should contact SpamTitan to discuss the options available. Advice can be offered on migration from Webroot and other anti-spam providers to ensure a seamless transition.

New SpamTitan customers also benefit from a totally free 30-day trial period, with prices starting from as little as $395 per month.

Further information on anti-spam, anti-phishing, and web-filtering solutions can be obtained by emailing the Customer Service team on info@spamtitan.com

Email Security Alert Issued as Fake Firefox Update Scam is Discovered

by G Hunt | August 7, 2011 | Spam News

Firefox is a popular web browser created by a global non-for-profit organization. It boasts excellent controls against viruses and has proved popular for its security features, anti-tracking functionality, and its speed. However, as with all web browsers, it requires frequent updates to remain 100% virus-free.

Updates must be installed promptly to keep the browser secure. Users are alerted to these new updates as and when they are released, and installing them is a quick and simple process.

These updates are announced via the browser. Users of Firefox are not emailed reminders to update their browser to the latest version. That said, a number of emails have recently been received by users of Firefox alerting them to the urgent need to download the latest version of the browser. These emails are part of a fake Firefox update scam.

Fake Firefox Update Scam Discovered

If you receive an email telling you to update your Firefox version “for security reasons” you will not be alone. Many other users have received similar emails. These are not genuine. They are part of a new email spam campaign that attempts to fool recipients that their browser is out of date and an update is essential.

To make it as easy as possible to install the necessary security protections, a handy link is included in the email. This will take the user to the Firefox website where they can download the latest version of the web browser. However, be warned. The link is fake, and by clicking the link and attempting to improve security, all you will be doing is downloading a Trojan to your device. That Trojan will be used to steal your passwords.

This is a common tactic used by email spammers. Emails are sent which contain important information on security updates to fool the unwary into downloading malicious software. The emails play on data security fears and warn of repercussions for not taking the requested action. Many email recipients are fooled into clicking links or opening infected attachments as a result.

SpamTitan regularly issues warnings about the latest spam campaigns, fake emails and new malware as they are discovered. Internet users are instructed to take precautions to protect themselves against these attacks.

Fortunately, there are some very easy steps that can be taken to reduce the risk of attack via email. Receiving a spam or phishing email will not compromise your system (generally speaking) unless an action is taken, such as opening an email attachment or clicking on a link supplied in the email. Consequently, protecting yourself from attack can be quite straightforward.

SpamTitan Financial Preservation Tips

Don’t give hackers the data they need to empty your bank accounts and max out your credit cards. Follow the simple instructions below and you can protect your hard earned cash.

1. Do not open any suspicious attachments sent to you by email and do not download them to your computer. You must be sure of the genuineness of an attachment before you open it
2. Do not click on links to websites that you do not know
3. Check all links before clicking as they may have been faked. Hover your mouse arrow over the link and you will find out where that link will direct you. If you are unsure, never click
4. Check the ‘From’ field. The name may be familiar, but the email address from which the email has been sent may not be. Do not take any chances. The ‘From’ field can easily be faked
5. If you have not requested a new password, never click on a link that asks you to reset it
6. Never divulge sensitive information in an email, even if requested to do so. IT departments and legitimate web service providers will never ask for your login details and passwords to be sent by email
7. Always keep your anti-virus and anti-malware definitions up to date. They are released on a daily basis and sometimes every few hours. Set your software to download these automatically
8. Install a spam filter to prevent spam and phishing emails from being delivered to your inbox