titanadmin - Page 15

Cryptowall 3 Ransomware Rakes in Millions

by titanadmin | Nov 27, 2015 | Spam News |

Cryptowall 3 ransomware is the latest incarnation of the Trojan that first appeared in the latter half of 2014. This variant was discovered earlier this year and it has been used to extort millions out of individuals and businesses.

The threat from ransomware is growing

Ransomware infections have been reported much more frequently in recent months. A fortune has already been spent undoing the damage caused. Unfortunately, since the malware is evolving, it can be difficult to block.

Cryptowall 3 ransomware is very similar to previous incarnations and operates in a very similar fashion. The problem is that the algorithm it uses to obfuscate the dropper, which is applied three times, differs from Cryptowall 2. This makes it harder to identify.

Cryptowall 3 ransomware employs multiple dropper files and contains a number of different exploits. Once initiated, code is injected into a new explorer.exe process which installs the malware while disabling system protections. Malicious code is then hidden in a new SVChost.exe process.

The malware collects a considerable amount of data from the host computer, obtains an external IP address, establishes a connection, and registers the machine with the hacker’s command and control center. A POST request is made and the main Cryptowall 3 thread is initiated.

Cryptowall 3 ransomware subsequently encrypts certain file types on mounted network drives and local drives using public-key cryptography. The key to unlock the encryption is only stored on the hacker’s server. The victim is then advised to pay a ransom to have the infection removed and files unlocked. Failure to respond will see files locked forever or permanently deleted.

Cryptowall 3 ransomware is spread via email spam

Cryptowall 3 ransomware is primarily, but not exclusively, spread via spam email. The email contains a zip file attachment which houses an executable file. If the executable file is run, it installs the malware on the host computer. Videos, text files, and images files are then encrypted with its RSA2048 algorithm. Users often have files created on the desktop instructing them how to unencrypt their computer. Once infected, users are given approximately 7 days to pay the ransom, which is commonly $500 in the form of Bitcoins (2.17).

There is no guarantee that payment will result in the encryption being removed, although oftentimes it is. Payment certainly does not mean all traces of the malware will be removed from the infected machine. Users are often allowed to decrypt certain files to prove that the criminals behind the campaign can actually make good on their promise.

Victims are usually given little alternative but to give into the hacker’s demands, unless they want to lose all the files that have been encrypted.

Millions have been obtained from Cryptowall 3 ransomware infections

Cryptowall 3 ransomware has spread rapidly and the malware has already claimed tens of thousands of victims. The malware was only discovered in January 2015, yet already the criminals behind the infections have managed to obtain an estimated $325 million in ransoms according to Cyber Threat Alliance (CTA) figures. The ransoms have been tracked via Bitcoin payments, although the system used to assess criminals’ profits is somewhat unreliable. The figure of $325 million has been confirmed, but the total profits from Cryptowall 3 ransomware infections could well be double that total.

Cryptowall 3 ransomware infections usually start with a phishing campaign. The phishing campaigns usually contain an attachment with an innocent looking name, such as “invoice” or “fax”.

Drive-by attacks have been known to install the malware. These take advantage of security vulnerabilities in browser plugins. Exploit kits such as Angler are also used.

Fortunately, it is possible to train employees to be more cautious and not to open file attachments sent from unknown individuals. However, the emails may appear to have been sent by a friend, relative, or colleague inside their company.

Training should be provided to employees and company-wide warnings issued. However, the best defense is to prevent the ransomware from being delivered to inboxes. If SpamTitan Anti-Spam solutions are implemented, Cryptowall 3 ransomware email spam will be blocked and quarantined. End users will then be prevented from accidentally installing the malware.

Electronic Frontier Foundation Phishing Website Taken Down

by titanadmin | Nov 18, 2015 | Spam News |

Cybercriminals are using SSL certificates installed on fake domains to fool users into thinking that the websites are genuine. The websites often use names that closely resemble a well-known brand. We have previously reported that criminals have been using domains containing typos to obtain website traffic and fool the unwary; however, it is also common for domains to be purchased using a well-known company name with additional words added to the end.

Because the websites contain the brand name, many visitors will be fooled into thinking that the websites are genuine. This is even more likely if a website has a valid SSL certificate and displays a padlock next to the URL. This is seen as a sign by many consumers that the website is real. A SSL certificate can no longer be trusted. It is only one indication that a website is genuine. Many new websites are offered a free SSL certificate.

Electronic Frontier Foundation phishing scam brought to an end

One website that has been fooling visitors into thinking the site was official is believed to have been set up by the cybercriminals behind the Pawn Storm phishing campaign: A group of hackers known as APT28. The group, which has links to the Russian government, used the brand name of the Electronic Frontier Foundation as part of a phishing campaign.

The Electronic Frontier Foundation phishing campaign used a .org website with the domain name, ElectronicFrontierFoundation. The official site used by the company is also a .org, but just uses the company’s initials: EFF.

The Electronic Frontier Foundation phishing site was not used to obtain bank account or credit card details, instead it was used to spread malware. The fake site was discovered to contain malware that exploited a zero-day vulnerability in Java software.

Electronic Frontier Foundation was alerted to the existence of the website and issued a complaint to the UN’s World Intellectual Property Organization (WIPO) – an organization that helps protect the intellectual property rights of corporations. After assessing the compliant, WIPO ruled that Electronic Frontier Foundation was entitled to take control of the domain, which has been ordered to be transferred to the non-profit digital rights group. Once that happens, the site will no longer pose a threat and ownership will be transferred from an individual based in Bali, Indonesia.

Organizations believing their copyright has been infringed can attempt to claim a registered domain by following the Uniform Domain-Name Dispute-Resolution Policy (UDRP) set up by ICANN. However, it can take a long time for the process to be completed. All the time that a fake domain is active it can result in a loss of income for the company concerned. Many customers or potential customers could have malware installed or be defrauded until the matter has been addressed and ownership of the website transferred.

In a case such as this, the domain name and SSL certificate made the website appear 100% legitimate, which no doubt resulted in many people having their computers infected with the malware.

BELCO Email Scam Warning: Bermuda Electricity Company Customers Targeted with Ransomware

by titanadmin | Nov 10, 2015 | Spam News |

Bermuda residents and holiday home owners have been put on high alert after a new BELCO email scam has been uncovered. A warning has now been issued by the company after some customers were targeted by scammers and were sent malware-infected emails from the company’s email domain.

BELCO, the Bermuda Electric Light Company Limited, supplies electricity to homes in Bermuda and is the only supplier in the British Overseas Territory. All individuals who own or rent a property on the islands are at risk of receiving a spam email that could potentially infect their computer, mobile phone, tablet or laptop with malware.

The type of malware sent in the spam emails is a form of ransomware. This type of malware is particularly nasty as it will allow the perpetrators of the campaign to lock files on an infected computer and potentially also on a business network to which the device connects. The malware delivered in the BELCO email scam can also cause corruption of computer files. The criminals behind the campaigns have designed the malware to give victims little choice but to pay the ransom.

Critical files are encrypted via the ransomware to prevent the user from gaining access. The only way of regaining access to the files is by restoring them from a backup or by paying a ransom to the criminals behind the campaign. Once a ransom has been paid, the criminals behind the BELCO malware attack will supply a security key that can be used to unlock the data. There is no guarantee that the security key will be provided once the ransom has been paid and it is conceivable that the criminals could continue to extort customers who give into their demands.

On a personal computer, files such as personal documents or family photographs could potentially be encrypted and lost. For business users the risk is even higher. Without access to critical files, all business could effectively grind to a halt. Even when a backup can be used to restore the ransomware-encrypted files, significant losses could be suffered. Performing a full restoration of data takes time and unless a backup was made just minutes before files were encrypted, some data will invariably be lost. Customers will also experience disruption to services while remediation takes place and systems are restored.

BELCO email scam uses legitimate company domain

The BELCO email scam uses a common technique to fool targets into installing malware on their devices. Criminals have been using email to deliver malware for many years, but they are now getting very good at creating highly convincing campaigns. It is becoming much harder to identify a spam email containing malware.

What makes this campaign particularly convincing is the emails appear to have been sent from the BELCO.bm domain. Even an individual who has adopted email security best practices, such as checking the sender’s address before opening an attachment, may be fooled into installing the malware contained in the email.

The email informs the recipient of an unpaid electricity bill and includes a warning that electricity will be cut off if the bill is not paid promptly. In order to find out how much money needs to be paid customers are required to open the attachment. Doing so will result in the malware being installed.

The email was sent from the address billerz @belco.bm. The domain is correct, although there is no official billerz address used by the electricity company. A warning sent to customers advises that any legitimate bill sent by the company will come from ebilladmin @belco.bm.

Simply receiving the email will not infect a computer but it is imperative that the attachment is not opened under any circumstances. Any customer receiving the email should delete it immediately from their inbox or spam folder. They should then ensure it is also deleted from their deleted email folder.

Identifying spam and scam emails

The BELCO email scam is convincing. It could easily pass for a genuine email if the recipient of the email is not particularly security conscious. There are tell-tale signs that it is a fake.

• The email address differs from the one usually used by the company to send electronic electricity bills
• There is a threat contained in the email – Immediate action is required to avoid unpleasant consequences
• Insufficient information is included in the email body, requiring the user to open an attachment
• The email address contains an odd spelling not typically used by a reputable company – billerz

Individuals, and especially companies, should consider implementing additional controls to prevent emails such as this from being delivered. Using a spam filtering solution will prevent the vast majority of spam and scam emails from being delivered. As more phishing and spam emails are being sent, and the perpetrators are becoming more skilled at creating convincing campaigns, this is one of the best defenses to prevent accidental malware infection. The cost of an Anti-Spam solution will be considerably less than the cost of a ransom to unlock vital data.

IBM Softlayer Discovered to Be Biggest Spam Hosting ISP

by titanadmin | Oct 23, 2015 | Spam News |

Softlayer Rated Biggest Spam Hosting ISP by Spamhaus

According to a new report by the not-for-profit anti-spam organization, Spamhaus, the biggest spam hosting ISP is Softlayer, the IBM-owned cloud computing provider. A reported 42% of the ISP’s outbound emails have been discovered to be spam.

The report, issued on Wednesday, shows the ISP to be the current biggest offender, found to be supporting spammers and hosting numerous malware operations. The extent of the company’s emails found to be spam is astonishing, making it the undisputed champion of spam. Spamhaus has recorded over 685 separate spam issues on Softlayer, almost three times as many as the ISP in second place, Unicom-sc, which has had 232 reported spam issues.

Typically, the biggest web hosting companies and internet service providers do not feature so highly in the spam list, as they tend to employ numerous measures to prevent their servers being used by spammers and internet criminals. While Softlayer has not featured so highly in the past, recently it has been rising up the rankings, even though it does make efforts to fight spammers and implements controls to prevent them from using its servers.

In recent years the company has increased efforts to keep spammers at bay, and has taken firm, decisive action when reports of spamming have been received. But this has not proved to be sufficient.

It would appear that the ISP is now being targeted by Brazilian cybercriminals who are using its services to send out high volumes of spam emails and host numerous malware-infected websites. Softlayer is understood to have relaxed its criteria and vetting processes recently in an effort to attract more business; which does appear to have been successful, albeit for the wrong kind of business.

Spamhaus also pointed out that it has received requests to have Softlayer removed from its listing, but will only do so when it is clear that all of the issues have in fact been resolved. Spamhaus pointed out that cyber-criminals from Brazil were so active that “many listed ranges were being reassigned to the same spam gang immediately after re-entering the pool of available addresses.” The report went on to say, “these specific issues would not be removed until Softlayer was able to get control of the overall problem with these spammers.”

Softlayer has responded to the new number 1 ranking, saying affirmative action is being taken to tackle the issue. Communications Director, Andre Fuochi, recently told Krebsonsecurity, “We are aggressively working with authorities; groups like The Spamhaus Project, and IBM Security analysts to shut down this recent, isolated spike.”

Unfortunately, while action is being taken, it is not fast enough to stop the spammers. As soon as accounts and websites are shut down, more are created. Users are able to provision and de-provision sites and applications cheaply and quickly, which is why the ISP is struggling to stop spam emails from being sent and malware sites from being created.

Cloudmark recently confirmed Spamhaus’s rating, saying the Softlayer network was the largest single source of spam in the world during the third quarter of this year. The spammers and scammers will always find a home somewhere, but to find it at a company owned by IBM must come as a major embarrassment. IBM is, after all, a major player in the software security market.

Bank Phishing Scheme Nets Hackers Over $3.5 Million

by titanadmin | Oct 21, 2015 | Spam News |

A bank phishing scheme operated by a Moldovan man has resulted in $3.55 million being transferred from the bank accounts of a Pennsylvania mining company – the Penneco Oil Company Inc. – according to federal prosecutors.

The perpetrator of the campaign, Andrey Ghinkul, 30, has been charged following his recent arrest in Cyprus. He is awaiting extradition to the United States, with a hearing scheduled for next week.

The phishing campaign was sent out to numerous companies, with a number of recipients reportedly opening the email, only to have their computers infected with Bugat malware. Bugat Malware is a little known form of malware, operating in a similar fashion to the well-known Trojan Zeus.

Bugat malware functions as a SOCKS proxy server, allowing hackers to directly download and execute programs on an infected host’s computer, or upload files to remote servers. In order to escape detection, the malware communicates encrypted data with its command, and by doing so fails to trigger many traffic inspection software warnings.

The malware has been used to log information entered during online banking sessions, with Firefox and Internet Explorer browsers so far exploited. With the information obtained, hackers are able to make fraudulent wire transfers and ACH transactions. So far, small to mid-sized businesses have been most commonly targeted.

While many organizations are now looking out for Zeus infections, this new form of malware can escape detection more easily. The attacks also show how cybercriminals are diversifying their attacks in order to gain access to financial account information and avoid detection.

The phishing campaign was used to send emails to a number of recipients in U.S companies, with the emails appearing to have been sent from medical providers, indicating the recipients had received a positive diagnosis for cancer.

Bugat Malware Bank Phishing Scheme Nest Hackers Over $10 Million

According to the FBI, Bugat malware has resulted in around $10 million in funds being transferred from U.S company accounts to hackers in Russia and Belarus.

The transfers from Penneco Oil’s accounts were made possible by the malware, which recorded bank passwords as they were entered on the infected computer. That information was then used to make the transfers. The first transfer of $2.2 million was made in August 2012, with the funds being received by a bank based in Krasnodar, Russia. A second transfer was made the following month, this time the recipient account was in Minsk, Belarus.

While the transfers did go through, action was swiftly taken by the bank – Indiana, PA-based First Commonwealth – and the funds were rapidly restored. Senior Vice President of Penneco, D. Marc. Jacobs, said the bank “worked to completely restore our funds almost immediately.” In this case, Penneco had all funds restored and the bank had to cover the cost.

Should Ghinkul be extradited, the case will be heard in Pittsburgh where another attempted victim was targeted. Sharon City School District nearly lost $999,000 to a Russian account. Fortunately, that transaction was successfully blocked.

iTunes Email Scam Tricks Users into Revealing Credit Card Numbers

by titanadmin | Oct 19, 2015 | Spam News |

A new iTunes email scam has been uncovered which attempts to trick users into revealing their credit card numbers, according to a recent report issued by Malwarebytes.

The latest iTunes email scam targets users of iTunes and offers them a refund for a purchase that has been made using their iTunes account, indicating they have been affected by an email scam already. In order to receive the refund, the users must provide their Apple ID, password, and credit card details so the refund can be processed.

Emails have been sent to iTunes account holders telling them that their account has been fraudulently used to purchase an app valued at £34.99 ($53), with the emails containing a fake receipt for the purchase. The app is question is provided by CoPilot Premium HD, a supposed navigation service. The receipt contains a link that the recipient of the email must click in order for their refund to be issued, if the purchase is not genuine.

There is of course no such app, and the high price is perhaps a warning that something is amiss. Unfortunately for users looking to protect themselves from fraud, the very actions they take to protect themselves will actually ensure they do become victims.

Not the Only iTunes Email Scam Recently Uncovered

This is not the only email phishing scam to have been sent to Apple users in recent weeks. Another email spam campaign attempts to get users to click a link to update their credit/debit card, which users have been informed in the email is about to expire. Users have been requested to click a link and enter their new card details, including the CSC code on the reverse of their card, as well as the new expiry date.

As with many email scams of this nature, the email is sent with a threat of account suspension if they do not comply. In this case, users have little time to respond. The email link is said to expire in one hour’s time if it is not clicked, reducing the time for users to verify if the email is in fact genuine.

They are provided with a link to store.apple.com which is seemingly genuine; however, hovering over the link will reveal that the link directs them to a different location.

There are other common tell-tale signs that the email is a fake, even though the correspondence does contain seemingly genuine Apple imagery and appears to have been sent from Apple’s customer service department. One of the most telling signs is the volume of spelling mistakes contained in the email. Any email sent by Apple is likely to have at least been run through a spell check before being used as a template for millions of Apple device owners. A sure sign that the email is not genuine.

The email contains spelling and grammatical errors such as informing the recipient that the link will “expire one hours after the email was sent.” iPhone “ore” iPads is another, and feature is spelled “feauter.”

The advice to all Apple users is to take time to carefully read any email sent from Apple, and to attempt to verify any request to provide ID numbers or financial information.

U.S. Postal Service Not Dealing with the Phishing Threat

by titanadmin | Oct 16, 2015 | Spam News |

It has now been over a year since the U.S Postal Service was affected by a phishing campaign that resulted in the exposure of the personal information of 800,000 current and former workers, yet the postal service is still not effectively dealing with the phishing threat. Employees have been tested, and they are not identifying phishing emails.

Postal Service Employees are at Risk of Falling for Phishing Emails

The network data breach of 2014 occurred as a result of employees falling for spear phishing campaigns, which allowed criminals to gain access to postal service networks containing sensitive data. The data thieves were able to gain access to the network and exfiltrate data without meeting much in the way of resistance. It would appear that if a similar campaign was conducted again now, even more data may be exposed.

The Office of the Inspector General (OIG) recently took the decision to put postal service workers to the test, to determine whether lessons have been learned since last year. In total, 3,125 fake phishing emails were sent to employees of the U.S Postal Service to determine whether they were actually able to identify a potential phishing campaign.

There was some good news. 75% of workers were able to resist the temptation to click on the phishing links in the emails. The bad news was 25% did click. Unfortunately, all it takes is for one person to respond to a phishing email for criminals to gain access to data. 780 responses to fake phishing emails shows risk is not being effectively managed.

However, perhaps worse still, was the lack of compliance with policies that had been put in place in the wake of last year’s successful attack. For instance, the postal service’s Computer Incident Response Team should be alerted if a suspicious email is received by workers, yet only 7% of employees did so during the test.

The reason is perhaps quite easy to explain. Only 4% of staff had completed the Postal Service cybersecurity training course, so presumably were unaware of the policy of reporting suspicious emails, if they were in fact able to identify them as suspicious.

OIG Report Shows Postal Service is Not Dealing with the Phishing Threat

The OIG report on the cybersecurity test stated that awareness training does have a positive impact, and can substantially reduce the risk of employees responding to a phishing campaign. Research shows training can reduce security-related risks by as much as 70%.

Policies must of course be turned into procedures, and the staff must receive training. The OIG said, “When management does not require all employees with network access to take annual information security awareness training, users are less likely to appropriately respond to threats.”

One of the main problems for organizations trying to tackle the threat of phishing is the fact that criminal organizations and hackers are developing ever more complex and convincing campaigns to fool users into opening malware-infected attachments and visiting links to malware-infected websites. However, if training is not provided to the staff, even uncomplicated phishing campaigns could well succeed.

At present, only new members of staff and CIO office members are required to undergo annual cybersecurity training: That is not the most effective way of dealing with the phishing threat. However, in response to the OIG report, the Postal Service will be implementing new training policies by April 2016.

FTC Issues Warning over Gaming Email Phishing Scam

by titanadmin | Oct 14, 2015 | Spam News |

The Federal Trade Commission has issued a warning over a new gaming email phishing scam that targets video game players and takes advantage of their love of the games to get them to divulge their account information.

Gamers invest considerable time and money into buying add-ons and developing gaming characters; however, the fear of loss of their gaming account is seeing many fall for the latest scam.

Cyber Criminals Opt for Gaming Phishing Email Scam

Hardcore gamers are not difficult to find, having registered on forums and gaming websites, providing their email addresses and other information about their gaming habits. Once criminals obtain email addresses of gamers, they are sent fake emails from gaming companies suggesting they have been discovered to have sold gaming items or characters for real money, and by doing so have violated the rules of the game.

Consequently, the users are threatened with account suspensions, or in some cases, legal action. A number of emails have been received by gamers with threats that they will be sued for amounts up to $2,700 for repeated violations of gaming rules and regulations. The intention is not to get the users to part with that money, but to get them to reveal details of their bank accounts or credit cards used to make purchases.

Users are often fooled into responding out of fear of losing their accounts or being suspended or banned from their favorite games. The email campaigns can also be highly convincing, using templates that appear legitimate, often including company logos and names the users may be familiar with.

The scammers have been targeting users of some of the most popular online games, such as World of Warcraft and Diablo III, both produced by Blizzard Entertainment, although the scam is not restricted to players of these games. The volume of emails sent to gamers, and complaints received, has resulted in Blizzard emailing users to tip them off to what it called “rampant scams.”

The FTC has also got involved, issuing a warning of its own. According to the FTC warning, targets are advised that they should check the status of their accounts and challenge the suspension if they have done no wrong. They are supplied a link for this purpose and are required to fill in a ‘verification’ form.

They are then asked to enter information in order to confirm their accounts and identities, and must reveal account and financial information. The perpetrators of the scam then empty their accounts.

This is not the only technique used by online fraudsters to get users to reveal their credentials. Gamers are being sent spam emails asking them to login in order to receive free gifts and exclusive game add-ons, with users requested to click a link in the email to login in order to claim their prize.

It is not always essential that account details are entered in the online forms to which the users are directed to. The links contained in the emails can direct the users to malware-infected websites. Malicious software is automatically downloaded to the users’ computers, allowing the perpetrators to gain access to the device and trawl files looking for personal information such as bank account details, login names and passwords.

Gamers have been warned to always try to verify any such emails, and not to click on links, open attachments or use the contact details provided. All requests that are out of the ordinary should be independently verified with the company concerned, using the gaming website’s contact information.

Symantec Says Email Spam Levels at 12 Year Low

by titanadmin | Oct 12, 2015 | Spam News |

There has been some good news reported recently that indicates email spam levels are now at the lowest point seen in the past 12 years. According to a report issued by Security company Symantec, spam emails fell to 49.7% of all emails sent in June this year. Spam email levels fell further still in July, dropping to 46.4% of total email volume. Symantec also reported that the volume of phishing campaigns also saw a fall in June.

A number of reasons have been cited for the fall in spam levels, including bringing a number of spammers to justice and closing down their criminal networks, in addition to shutting down a number of rampant botnet networks, many of which were located in the United Kingdom.

The botnets were identified by UK police forces which orchestrated a number of takedowns. UK and European internet service providers had been collaborating with the police and passed on information on suspected botnets, helping to reduce the effectiveness of the networks, ultimately leading to many being shut down.

While this is good news, this does not mean there has been a reduction in risk. Phishing schemes may have seen a small drop in June, but the number of malware variants now being discovered has increased dramatically. The variation in malware is causing a problem, as the malicious software is becoming harder to identify. The extent of the increase in variants is considerable. In just two months the number of malware types had almost doubled from 29.2 million in April to 57.6 million pieces of malware caught by Symantec in July. This is the second highest figure reported in the past 12 months, with only November 2014 seeing more malware attacks caught (63.6 million).

The attack landscape is constantly changing, with cybercriminals now diversifying their attack vectors. Ransomware for instance, is becoming more popular. Just under half a million attacks (477,000) were thwarted by Symantec in June, with the volume of ransomware having risen for two months in a row.

While cyber criminals based in the UK and United States may be diversifying attack vectors, hackers in other countries still favor email spam, with eastern Europe and China still seeing huge volumes of spam emails being sent. It is certainly not a time to let one’s guard down or become complacent about email spam.

Businesses Still Receiving High Volumes of Spam Emails

Overall, levels of spam may have fallen, but small to mid-sized companies are still seeing high levels of spam emails received, with the percentage of spam emails remaining above 50%. Spam email traffic to small to medium companies (those with one to 250 employees) stood at 52% in June.

Malicious emails are also still being used extensively to target organizations of all sizes. In June, malicious emails were being most commonly used against companies employing 1501-2500 individuals, with one in 164 emails recorded as being malicious in nature.

In July the figures had improved, with organizations employing 251-500 individuals the most common recipients of malicious emails, registering one email in 260 as being malicious in nature, closely followed by small organizations employing under 250 individuals, with one in 275 emails rated as malicious.

Spam emails were still being sent at high levels to particular industries, with mining and manufacturing industries receiving high levels of spam in June. Over 56% of emails received in the mining sector were spam, with the manufacturing, construction, retail and non-traditional service industries all registering spam email volumes of 53% or more in June.

The figures for July actually showed an increase in spam for some industry sectors. Mining had increased to 55.7%, with only very slight falls in spam levels in other industry sectors. Manufacturing, retail and construction all registered spam percentages above 53%.

Each of the other 6 industry sectors (Professional services, agriculture/forestry/fishing, wholesale, non-classifiable establishments, finance/insurance/real estate, and non-traditional services) all registered spam email percentages of between 51.9% and 52.5%, indicating email spam remains a major problem for most U.S. businesses.

Ponemon Institute Calculates the Cost of Phishing Attacks

by titanadmin | Oct 9, 2015 | Spam News |

The Ponemon Institute has released a new report detailing the cost of phishing attacks on U.S businesses, suggesting the average annual cost for U.S companies has now risen to $4 million. Ponemon calculated phishing attacks take an average of 23.7 days to resolve, and are having a huge impact on U.S organizations, with smaller companies often suffering the most.

Cost of Phishing Attacks & Cyber Crime Assessed

The report indicates that the biggest costs suffered as a result of cyber crime come from phishing campaigns and social engineering, which accounted for 16% of total cyber crime costs. Phishing and social engineering were found to have affected 59% of organizations, while botnets affected 66% and web-attacks were suffered by 76% of organizations.

The Ponemon study, conducted in conjunction with HP Enterprise, involved a representative sample of 58 private and public sector U.S organizations being surveyed on cyber crime and the costs of dealing with criminal attacks. The results of the study show that in the U.S, the mean annualized cost of cyber crime has risen to $12.7 million per year, with the highest total average cost of dealing with cyber crime being $15.42 million – more than double that of Germany in second place.

The study showed that organizations are having to pay between $1.6 million and $61 million per year to resolve cyber attacks. The cost of the dealing with those attacks was found to be higher for larger organizations, although the per capita costs were highest for smaller organizations.

The new 2014 Cyber Crime Report shows the cost of dealing with attacks has risen 19% in just 12 months, with the global average cost of cyber crime estimated to have exceeded $7.7 million. Some companies are having to cover costs of up to $65 million to resolve criminal attacks, which were shown to have increased in both frequency and severity during the past 12 months. Email attacks remain one of the biggest causes for concern, being one of the main methods used by criminals seeking access to computer networks.

Phishing Emails Are Proving to be Highly Effective

Earlier this year, communications company Verizon produced a report indicating phishing campaigns can be highly effective methods of attack, and suggested that all too often staff training efforts are not particularly effective.  Many organizations are now providing staff with information on how to identify phishing emails, yet this information does not appear to be retained. The study found that 23% of individual who received a phishing email opened it, and an alarming 11% of recipients clicked on the link contained in the email or opened the attachment.

The provision of training manuals on phishing to employees can be effective, but retention of information tends to be poor. The Ponemon study did suggest that one of the best methods of training staff how to identify phishing emails is to provide examples, indicating the sending of simulated phishing emails was particularly effective at reinforcing training, providing up to a 37% return on investment.

With phishing emails representing such a substantial proportion of cyber security costs, and training proving not always particularly effective at substantially reducing the risk of attacks being successful, greater efforts should be put into intercepting phishing emails and preventing them from being delivered to recipients’ inboxes. For that, a robust and effective email spam filter is required.

Level of Email Spam and Botnet Infection Quantified

by titanadmin | Oct 8, 2015 | Spam News |

Although many reports suggest that email spam is reducing, email spam and botnet infection is still a major issue for most U.S organizations and individuals – with criminal practices netting cybercriminal gangs billions of dollars every year.

Determining the infection levels and the volume of spam being sent was one of the missions of the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG). M3AAWG, is a global organization tasked with promoting cybersecurity best practices and fighting organized internet crime. M3AAWG was formed a decade ago by a number of leading internet service providers, with the goal of improving collaboration and sharing knowledge to make it harder for criminals to spam account users. By reducing the impact of email spam on individuals and organizations, ISPs would be able to better protect users, IPS’s email platforms and their reputations.

Quantifying Email Spam and Botnet Infection a Complex Task

It was discovered that quantifying email spam and botnet infection levels was a complex task; one that was only possible with collaboration between internet service providers. As a result of this collaboration, the organization has produced reports on the global state of email spam and botnet infection. Its latest analysis suggests that approximately 1% of computer users are part of a botnet network.

The data gathered by M3AAWG involved assessing 43 million email subscribers in the United States and Europe.,The data analysis showed that IPS’s typically block between 94% and 99% of spam emails. The company’s report suggests that on the whole, IPS’s do a good job of blocking email spam.

The figures look impressive but, considering the huge scale of email spam, billions of spam emails are still getting through to users, with financial organizations and other companies now being regularly targeted with spam and malware.

Email spammers are well funded, and criminal organizations are using email spam as a means of obtaining tens of billions of dollars each year from internet fraud. Spam emails are sent to phish for sensitive information, such as bank account information, credit card details and other highly sensitive data including Social Security numbers. Accounts can be emptied, credit cards maxed out and data used to commit identity theft; racking up tens of thousands of dollars of debts in the victims’ names.

In years gone by, email spammers concentrated on sending emails randomly to accounts with offers of cheap Rolexes, Viagra, potential wives and the opportunity to claim an inheritance from a long lost relative. Today, spammers have realized there are far greater rewards to be had, and emails are now sent containing links to malware-infected websites which can be used to compromise users’ PCs, laptops and Smartphones, gaining access to highly sensitive data or locking devices and demanding ransoms.

Some emails may still be sent manually, but the majority are sent using botnets. Networks of infected machines that can be used to send huge volumes of spam emails, spread malware or organize increasingly complex attacks on individuals and organizations. The botnets are available for hire, with criminals able to rent botnet time and use them for any number of reasons.

Many of the attacks are now coming from countries where there is little regulation and a very low risk of the perpetrators being caught. Countries in Africa, as well as Indonesia and the Ukraine house huge volumes of cybercriminals. They have even set up call centers to deal with the huge volume of enquiries from criminals seeking botnet time to orchestrate phishing and spamming campaigns. Tackling the problem at the source is difficult, with corruption rife in the countries where the perpetrators reside.

However, it is possible to reduce spam level, and the risk of employees falling for a scam or downloading malware by installing a robust email antispam filter, reducing the potential for spam emails and phishing campaigns getting through to individual accounts.  According to Verizon, 23% of users open phishing emails and 11% open attachments and click on links. Stopping the emails from reaching users is therefore one of the best methods of defense against attacks.

LinkedIn Email Spam Lawsuit Results in $13m Payout

by titanadmin | Oct 6, 2015 | Spam News |

Lawyers representing plaintiffs affected by spammy marketing practices by business networking website LinkedIn have reached a $13 settlement in a California court, with the LinkedIn email spam lawsuit likely to result in users of the website receiving a payout of around $10 per person.

Lawyers argued that the marketing practices used to attract new users breached California’s common law right of publicity and constituted unfair competition, with millions of users having had their privacy violated. The class-action lawsuit was filed in September 2013 and lasted two years before LinkedIn agreed to settle the case without admission of liability. LinkedIn claimed no wrongdoing and that its business practices broke no laws.

Alleged Spammy Marketing Practices used by LinkedIn to Attract New Users

Users of LinkedIn are permitted to import contacts from email accounts such as Gmail. Users electing to “Add Connections”, will generate an email that is sent to their contacts list inviting those individuals to connect and sign up for an account with the website.

Site users were asked before emails were sent to their imported email contacts, but they were not advised about a further two emails that were triggered if their contacts did not respond to the original email request within a fixed period of time. The follow-up emails were reminders that the invitation was still waiting for approval.

The lawyers claimed that LinkedIn had been “breaking into its users’ third-party email accounts, downloading email addresses that appear in the account, and then sending out multiple reminder emails.” The case centered on the fact that users were not advised that this would be the case. It was claimed that the website was using the names and likeness of users to drum up more business without consent, thus breaching the privacy rights of site members.

Last year, LinkedIn petitioned U.S. District Judge Lucy Koh requesting the case be dismissed, as users had in fact given their consent for contacts to be sent emails; however, Koh ruled that while consent had been provided for one email to be sent, users had not given LinkedIn consent to send any further emails if individuals did not respond to the initial request to join the website.

Other claims made against LinkedIn were rejected, such as the breach of federal wiretap law and claims of hacking users accounts. As a result, the case was required to be resubmitted.

LinkedIn Users Invited to Submit Claims for Compensation

The LinkedIn email spam lawsuit has now been settled, although users of the site are unlikely to receive much in the way of compensation. Any user who used the Add Connections feature of the website between September 17, 2011 and October 31, 2014 have now been invited to submit claims, and have until December 14, 2015 in order to do so.

Due to the volume of individuals affected, it is probable that the payout for each affected user will be around $10. LinkedIn has agreed to add further funds – $750,000 – if the volume of claims it receives results in individuals qualifying for a payout of less than $10 a head. Linked in will also be required to cover legal fees in addition to paying the $13 million settlement.

From the end of the year, all users of the “Add Connections” feature will be informed that by doing so, they are giving their consent for their imported email contacts will be sent one email, and up to two follow-up emails if no response is received from the initial request. There will also be a new option added which will allow invitations and reminder emails to be stopped.

Threat from Phishing is the Major Concern of Health IT Professionals

by titanadmin | Oct 1, 2015 | Spam News |

The threat from phishing emails is causing Health IT professionals major headaches, and is one of the main data security concerns according to a recent HIMSS cybersecurity survey. The recent HIMSS survey was conducted on 300 healthcare IT security professionals and suggests that the increase in phishing emails is one of the main reasons why the healthcare industry is having to invest so heavily in data security. 69% of survey respondents believed that to be the case.

Phishing campaigns are now being devised that are difficult to identity, with cybercriminals investing considerable time and effort into creating highly convincing emails in an attempt to get healthcare employees to divulge their login credentials.

Threat from Phishing Keeps CISOs Awake at Night

Criminals may still be sending random email spam in an attempt to obtain credit card details and banking information, but healthcare providers are now being increasingly targeted for the high volume of Social Security numbers and other personal patient information held; data that can be easily used to commit identity theft and obtain far more than is possible with credit card numbers. According to HIMSS Senior Director of Research Jennifer Horowitz, phishing is now “the number one thing that keeps CISOs up at night.”

The survey showed that data security has become one of the main business priorities for healthcare organizations, with 87% of respondents claiming data security has increased in priority over the course of the last year. Out of the respondents that said data security is a main priority now, two-thirds believe phishing to be the main cause for concern, and the same volume of respondents claimed their organizations had already suffered a phishing or other online scamming attack.

Phishing is a technique used by cybercriminals to obtain personal information, and is used as part of a wider attack on a corporate network. If users can be convinced to visit a link to a website or open an attachment, malware is downloaded to their device. A third of survey respondents indicated they have already become the victim of such an attack this year.

One problem faced by the healthcare industry in particular is the tactics used by criminals frequently change. Phishing was a technique most commonly associated with mass spam emails sent by individuals in the hope that some email users would fall for the scams. It would appear that now individuals, or specific groups of individuals, are being targeted. Many criminals now opt for quality over quantity, and are devising campaigns to target individuals with access to the data they seek. These “spear phishing” campaigns can prove to be highly effective.

Tackling the Threat from Phishing Emails

Efforts are being made by healthcare organizations to reduce the risk of individuals falling for campaigns. Spam filtering can be effective at limiting the volume of emails that make it through to the inboxes of healthcare workers, and training is now being provided to staff to help individuals recognize the signs of a phishing email. However, it would appear that while training is sometimes provided, this is not subsequently tested in many cases. Phishing email exercises designed to test users’ ability to identify phishing campaigns are still not being used by the majority of healthcare organizations. Only a quarter claimed they are using exercises to test staff readiness to deal with the threat, and that is a recipe for disaster.

Subscribers Targeted by Netflix Phishing Scam

by titanadmin | Sep 9, 2015 | Spam News |

A new Netflix phishing scam has been uncovered which works by telling users their Netflix accounts have been closed, requiring action to regain access to the service. Doing so will give your confidential login details to the scam operators.

Netflix has 62.27 million users, making it a highly attractive target for email scammers and spammers, and consequently Netflix phishing scams are common.

Latest Netflix Phishing Scam Convinces users to Reveal their Account Details

Recipients of the fake Netflix emails are required to click a link in order to reactivate their accounts. Unknown to the victims of this Netflix phishing scam, clicking on the link will direct them to a fake Netflix page, and by reactivating their accounts they will be giving the scammers their account names, passwords, and potentially other sensitive information.

Unfortunately for Netflix users, revealing passwords for one account may also mean other online accounts are compromised. Many users share their passwords across different websites, often using the same or similar passwords for Netflix, Facebook, and a host of other sites, including online banking portals.

TitanHQ recommends Netflix users ignore the email and delete it, and certainly do not to click on the link in the email. Phishing scams such as this usually direct users to a website that has been infected with malware, and clicking the link will result in that malware being downloaded, even if no information is entered on the page.

The best course of action is to login to your Netflix account as you would normally do, by typing in the URL or using your bookmark, and check your account status directly with Netflix. In all likelihood, it will still be active.

Further Information on the New Netflix Phishing Scam

Below is a screenshot of the latest Netflix phishing scam. The email appears genuine enough, although close inspection will reveal a few grammatical errors, such as missing apostrophes and misplaced exclamation marks. However, the email could be enough to fool the unwary, and especially individuals who tend to skim read emails and click first and think later.

This phishing campaign is similar to others that have been recently sent to users of other online services. Phishing emails are devised to give the recipient a legitimate reason for handing over sensitive information, usually via webpage.

These include, but are not limited to:

• Upgrading security settings
• Performing essential system maintenance
• Verifying account details to prevent fraud
• Claiming a refund for a bill that has been paid
• Giving money back for an incorrect charge
• Offering you a free gift or service

Email scams often deliver malicious programs – malware – that has been created to steal confidential data such as account login names and passwords. Phishing campaigns are launched on social media, although email is the most common way that these scams are delivered.

Generally speaking, phishing campaigns can be categorized in three types:

Off-the-Shelf Jacking Toolkits

Criminals can purchase malware online which can be used to scam users into revealing passwords, which can subsequently be used to empty bank accounts, rack up debts, or hold people to ransom (the latter is becoming increasingly common and is referred to as ransomware). Once access is gained to an account or computer, Ransomware is used to encrypt data. The users are then required to pay a ransom to the perpetrator of the scheme in order to get their data unlocked.

These campaigns are usually opportunistic in nature, and involve millions of spam emails being sent. It is a numbers game, and some users will click on the phishing links and compromise their computers and networks.

Zero-day Vulnerability Exploits

The net is also cast similarly widely with these email phishing campaigns; however, the malware delivered is more complex, and the hackers behind these schemes are considerably more skilled. Zero-day vulnerabilities are new security flaws that have been discovered in software that have yet to be discovered by the software vendor. Consequently, patches do not exist to deal with the threat. Malware is created to exploit these vulnerabilities, which is usually delivered via an infected email attachment, although it can be downloaded when users visit a phishing website.

Spear Phishing Campaigns

These are targeted attacks that are conducted on individuals, or in some cases, organizations. The perpetrators of these schemes are skilled, and invest considerable time and effort into creating convincing campaigns. Oftentimes extensive information is gathered on the targets prior to the phishing emails being sent.

These schemes similarly use zero day vulnerabilities, and these advanced persistent threats (APT) have been used in a number of high profile attacks, such as the recent Carbanak malware attacks which have made the headlines recently.

How to Avoid Becoming a Phishing Victim

The best defense against attack is to be vigilant. Security awareness training for employees is essential. Staff members must be alerted to the risk, the consequences of clicking on a phishing link, and told how to identify scams. They should be instructed to check links before clicking (by hovering the mouse arrow over the link to check the real address).

It is also essential to keep all software patched and up to date. This applies to operating systems, applications, web browsers and other software. Software should be configured to update automatically wherever possible. Organizations should also develop concise patch management policies. Continuous security audits should be conducted and multi-layered network security controls developed.

There are a number of ways that spam and phishing emails can be prevented from being delivered to users, such as using a spam filter. Web filtering is particularly useful in prevent users from visiting known malware and phishing sites.

The XXX Domain Controversy: Was it all a Waste of Time?

by titanadmin | Aug 26, 2015 | Spam News |

In 1998, ICANN issued the first domain names and IP addresses. There were not many top level domains (TLDs) to choose from. Each country had its own domain suffix, but the choice was limited to .com, .org, .net, .edu, .mil and .gov. Over the years, a few more options have been introduced such as .me, .mobi, .tv and .biz, but the suffix that has caused the most controversy is .xxx – a TLD intended for websites containing images of a sexual nature.

The .xxx TLD was seen as a method of introducing a red light district to the Internet, cleaning it up aside from a dirty corner that could be policed and easily blocked. Some purveyors of pornography allegedly welcomed the move, while others were opposed to it.

There were protests, but the new TLD was released in December 2011, and ICM Registry – a Fort Lauderdale for-profit business – was assigned responsibility for allocating the TLDs. Incidentally, the contract for this was quite lucrative. ICM Registry expected to make in the region of $200 million per year out of the deal.

Sometimes a good idea on paper doesn’t always work out so well in practice. For instance, some companies had spent a long time building up a brand name. They operated their domain on the .com domain, had bought up the .net, .mobi, .org versions and all other TLDs to protect their brand. They did not like the idea of having to do that again with the XXX version, and neither would they be willing to move their main site over to the .xxx TLD.

Few were in favor of the new XXX TLD

Pornographers were not the only objectors to the introduction of the .xxx TLD. The Bush Administration was opposed to the release. In fact ICANN was asked to withdraw support for the proposal. Criticism of the proposal mounted and ICANN came under a considerable amount of pressure. The American Department of Commerce, that has power over ICANN, received over 6,000 complaints about the introduction of the .xxx TLD. Even politicians who had originally backed the idea in the year 2000 changed their mind a decade later. Naturally, conservative groups also applied pressure to block the proposal. It was not enough. The TLD was released – with a delay of a month – and a swathe of new porn websites were subsequently launched.

Unsurprisingly, there has not been a reduction in the number of .com porn websites on the Internet. The new domain has seen even more created. Go figure!

ICANN was subsequently sued on the grounds that it had created a monopoly and that the introduction of the TLD forced businesses to spend even more money registering domain names to protect their brands from being piggybacked. After a couple of years, the lawsuit was dropped.

Controls put in place to protect trademarks

ICM regulators created the new TLD in order to clean up the Internet apparently. The .xxx TLD was seen as a way to make it easier for people wanting to view pornography to find it (it wasn’t exactly difficult, it must be said – type “porn” into a search engine for example) and as a way of promoting a responsible attitude toward it. It would, in theory at least, eventually lead to a dedicated area where pornographic websites could be housed.

However, trademark and patent protection advocate Inventa pointed out that opposition to the new .xxx TLD was virtually universal. No one wanted it apart from ICANN (and ICM Registry).

As for the fears that domain-sitters and entrepreneurs would take advantage, there were controls to prevent this. Eligibility criteria needed to be met. A company owning the trademarked .com version of a website could purchase the corresponding .xxx TLD to use as an adult domain or to prevent others from using it. Amazon.xxx, for example, could only be bought by Amazon.com. The ICM Registry reserved it for them. If there was no trademark, the domain name could be bought by anyone.

Was it worth all the effort?

ICM Registry would be inclined to agree, but as for making the Internet a safer place for children, cleaning up some porn, and having a dedicated online red light district, that clearly hasn’t worked. The biggest names in Internet porn still use their dotcom websites and have not made the switch to XXX domains. People interested in viewing pornography do not need an .xxx TLD to be able to find it, and don’t care what the name of the website is let alone the TLD, provided it gives them what they are looking for.

It is no easier to block pornographic websites than it was before the release. Simply blocking access to XXX suffixed websites will make no discernable difference to the amount of porn that is viewable online.

Until laws are passed to force porn websites to use the XXX domain – which would be incredibly difficult to implement – the move has not been particularly effective.

The only way to block effectively access block pornography from being displayed is to use a web filter such as SpamTitan Technologies. By using real-time classification, URL filtering, blocklists, keyword filters and other tools, SpamTitan Technologies web filtering solutions prevent the websites from being viewable. Something very important for schools, universities, colleges, charities, and corporations.

Any organization believing written policies on allowable uses of the Internet are sufficient to stop inappropriate use, should bear in mind that surveys have revealed that 20% of men and 13% of women have admitted to downloading pornographic content while at work. A recent pool of 500 Human Resources professionals indicated two thirds had discovered pornographic content on work computers, and the majority of porn is viewed during office hours (between 9am and 5pm).

If you want to stop employees accessing pornography in the workplace, the only effective way of doing so is with a robust web filtering solution.

Anonymous Accusations of Fake Malware Denied by Kaspersky Labs

by titanadmin | Aug 18, 2015 | Spam News |

Former employees of Kaspersky Labs have tipped off the media to an alleged practice of faking malware. It is claimed the company used fake malware to get rival anti-virus companies to flag the programs as malicious, potentially tarnishing their reputations with numerous fake positives.

For obvious reasons, the tip-offs have come from anonymous individuals who claim to have worked for Kaspersky Labs, yet their identities naturally cannot be verified. They could in fact be employees of rival anti-virus companies. It is therefore difficult to determine whether there is any truth in the allegations. Kaspersky Labs denied the allegations, in fact Eugene Kaspersky has been quite vocal on social media and has spoken out on Twitter, vehemently denying the accusations.

In an effort to find out more, we contacted Kaspersky Labs to find out further details. We received a reply as follows:

Kaspersky Denies Fake Malware Claims

“Contrary to allegations made in a Reuters news story, Kaspersky Lab has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing. Such actions are unethical, dishonest and illegal.” Kaspersky went on to say, “Accusations by anonymous, disgruntled ex-employees that Kaspersky Lab, or its CEO, was involved in these incidents are meritless and simply false. As a member of the security community, we share our threat intelligence data and IOCs on advanced threat actors with other vendors, and we also receive and analyze threat data provided by others. Although the security market is very competitive, trusted threat data exchange is a critical part of the overall security of the entire IT ecosystem, and we fight hard to help ensure that this exchange is not compromised or corrupted.”

Interestingly though, there does appear to be a grain of truth in the accusations, with the anti-virus software giant confirming that harmless malware was in fact created and uploaded. However, this was part of a test of its own software systems, not an attempt to discredit rivals. The statement issued explained the experiment:

“In 2010, we conducted a one-time experiment uploading only 20 samples of non-malicious files to the VirusTotal multi-scanner, which would not cause false positives as these files were absolutely clean, useless and harmless. After the experiment, we made it public and provided all the samples used to the media so they could test it for themselves. We conducted the experiment to draw the security community’s attention to the problem of insufficiency of multi-scanner based detection when files are blocked only because other vendors detected them as being malicious, without actual examination of the file activity (behavior).” The story was reported at the time in the media.

Kaspersky also explained that “After that experiment, we had a discussion with the antivirus industry regarding this issue and understood we were in agreement on all major points.” Further information on cascading false positives can be found here.

“In 2012, Kaspersky Labs was among the affected companies impacted by an unknown source uploading bad files to VirusTotal, which led to a number of incidents with false-positive detections. To resolve this issue, in October 2013, during the VB Conference in Berlin, there was a private meeting between leading antivirus vendors to exchange the information about the incidents, work out the motives behind this attack and develop an action plan. It is still unclear who was behind this campaign.”

False positives are common in the internet security industry. What is not known, and probably never will be, is who creates the bad samples that lead to false positives. As Ronan Kavanagh, CEO at TitanHQ, points out,“Kaspersky is an excellent product, we have never had an issue with it, quite the opposite in fact. Of course we have seen false positives, we were targeted by bad samples as were many other security vendors but we would have no visibility on who carried out these attacks.  The critical thing is that as an industry we work together in fighting back”.

Have you discovered false positives when you have run your software security programs?

Virtually All Companies Have Been Impacted by Malware

by titanadmin | Jul 29, 2015 | Spam News |

The threat to corporate data security is higher than ever, with hackers and other cyber criminals devising ever more complex ways of gaining access to company secrets, employee data, and protected health information. IT security teams now need to monitor and track new threats like never before. Phishing emails must be blocked, employees must be prevented from visiting malicious websites, audits must be conducted to check for malware and viruses, and systems protected against keyloggers and Trojans.

The volume of new malware now being discovered is enough to keep IT security professionals awake at night, with many fearing the security of their systems. IT budgets are strained enough as it is, and the rapidly changing threat landscape is placing those budgets under even greater strain.

What Information are Cyber Criminals Trying to Obtain?

Individual hackers may attempt to break through security defenses for any number of reasons, in fact their aims are not always financially motivated. A grudge may be held against an ex-employer. Business practices may be deemed to be questionable. A company’s carbon footprint may even make it a worthy target for attack. Often the aim is to sabotage, with unscrupulous business competitors willing to employ hackers to enable them to gain a competitive advantage.

However, in the majority of cases, cyber criminals attack companies for the data they hold, which can be sold on to the highest bidder on Darknet websites or used to obtain goods, services, or cold hard cash. Data carries a high value on the black market as it can be used for a myriad of different types of fraud.

Healthcare data can be used to fraudulently obtain medical services. Insurance data used to make bogus insurance claims. Social Security numbers can be used for identity theft or to file false tax returns, and credit card details used to rack up thousands of debts in victims’ names. Corporate secrets such as product development information can be obtained and sold to competitors. The theft of that information can be used by competitors to devastating effect.

Some cyber criminals are not interested in stealing data, just in preventing companies from accessing it. If ransomware can be installed, criminals are able to encrypt an entire system and hold the company to ransom. They will only release the security keys to unencrypt data if a ransom is paid.

How Are Criminals Obtaining the Data?

Spam emails and phishing campaigns (via email, social media networks and over the telephone) are common, although one of the biggest threats to data security comes from malware. If malware can be installed on computers or servers, it can record and exfiltrate data to the hacker’s control centers. All communications can be intercepted and all keystrokes recorded. This enables hackers to obtain login names and passwords: Those used to access internal systems or online bank accounts. It is not just corporate data that is at risk. Any information stored on clients and customers can also potentially be obtained by the attackers.

Common Hacking Techniques Used to Gain Access to Data

Some of the techniques used by hackers to gain access to data include:

Cross Site Request Forgery (CSRF)

Even apparently safe websites can allow hackers to install malware or access sensitive data. This type of attack involves legitimate websites sending requests to other sites. Twitter has suffered cyber attacks involving this method, resulting in logins and passwords of site users being obtained.

Web 2.0 Application Exploits

These attacks are difficult to prevent as they are often not identified by standard anti-virus defense mechanisms. They can exploit vulnerabilities in Adobe Flash, XML, JavaScript, JSON and Xpath to deliver malware and malicious code.

Cross-Component Attacks

Take two innocent looking sections of malware code that have been installed on a website. Individually they do no harm, and can easily evade detection. However, when two appear on the same webpage they interact and infect visitors’ devices with malware.

SQL Injection

One of the most popular techniques for hacking involves the insertion of meta-characters or SQL commands into input fields on a website. The commands are able to execute back-end SQL code.

Cross-Site Scripting

Hackers can embed code in URLs which can be used to execute Javascript code on visitors’ devices when the links are clicked.

All Companies are at Risk, and the Majority Have Already Been Impacted by Malware

If you think only small to medium sized organizations are at risk from malware (due to IT security budgetary constraints) think again. Even the world’s largest corporations are at risk from malware. Earlier this year, Apple was targeted by hackers and suffered a serious malware attack. Full details of the extent of the attack were not disclosed, but a number of Apple Mac computers were compromised by the attackers.

How could the hackers install malware on the computers of such a security conscious company with exceptionally deep pockets? Via a perfectly legitimate website! Users had visited a software development website, with the hackers gaining access via an unpatched Java bug.

The biggest social media sites are not immune to attack either. Twitter suffered a malware attack that exposed the confidential accounts of approximately 250,000 users. This is believed to have happened as a result of the same unpatched Java vulnerability.

No Company is Immune to Cyber Attacks

Around this time last year, a medical equipment manufacturer called Neurocare was targeted by cyber criminals. In that attack, all employees of the organization were affected. In that case, it was not the company’s systems that were attacked directly. The malware came via the company’s payroll processor.

These are all very large companies. But last year hackers used malware to pull of an even bigger and bolder campaign, launching an attack on the International Monetary Fund (IMF). As you could well imagine, the IMF has rather robust security controls in place, yet even they proved no match for the hackers. The attackers just went for the weakest link: IMF employees.

That attack involved spear phishing. Individuals working for the IMF were targeted with a highly convincing campaign which allowed malware to be installed on their computers. That attack was highly sophisticated in nature, and is believed to have been orchestrated by a team of hackers who had received backing from foreign governments. Highly confidential data was exfiltrated in the attack.

Phishing Campaigns Have Proved to be Highly Effective

This year, Kaspersky Labs reported a sizable increase in phishing attacks involving Apple IDs. Two years ago, the average number of attacks per day was just 1,000. Only 12 months later that figure had jumped to 200,000 per day.

Even security firms are not immune to phishing scams. RSA, a prominent American computer and network security company, suffered a phishing attack that was caught by the company’s spam filter. The emails were quarantined, yet were opened from within, unleashing a Trojan that harvested data from employee accounts. RSA’s SecurID tagsix was compromised in that attack.

RSA should not be singled out of course. Even bigger companies have suffered at the hands of phishers. An estimated 20% of Fortune 500 companies have become victims of these campaigns. Even the world’s largest corporations have been hit in recent months. IBM has been affected, and bigger companies still. Microsoft and Google are also victims of phishers.

Beware of Blended Threats Delivered Through Spam Email

The web may now carry the highest risk of malware distribution, but email is still commonly used to deliver malicious software. It remains one of the commonest attack vectors used by phishers. Email spam can be used to attack any device capable of receiving and opening email. This means tablets and Smartphones are vulnerable to attack, not just laptop computers and desktops.

One of the biggest threats comes from blended attacks. These are spam emails that contain links to malicious websites, or even legitimate websites that have been infected with malware. These threats are more difficult to deal with. They require a different form of defense that uses a combination of standard email anti-spam controls along with web security defenses.

Spam may not be the favored choice of hackers these days, but it still represents a serious threat to businesses. Dealing with the emails can waste an extraordinary amount of time and money. Spam can take up huge amounts of bandwidth that affects all employees in a company. Dealing with spam adds significant amounts to operational budgets.

The messages by themselves may not be dangerous, but links to malicious websites can represent a serious problem, especially if staff members have not been warned how to identify malicious links. Infected attachments also place computer systems at risk. Both methods can be used to deliver malware, which has potential to cause a serious amount of damage.

A number of defenses can be used to reduce the risk of malware attacks. Anti-virus software is a must, as is a separate anti-malware shield and scanner. Anti-spam controls are vital, as they can prevent the delivery of phishing emails to employees. Web filtering solutions are also highly beneficial. If a spam email gets through to an endpoint user, the software can prevent a malicious website from being visited.

Unfortunately, there is no single control that can be used to prevent all attacks. The solution is to use multi-layered security defenses and to keep them updated.

Scammers Use Fake LinkedIn Contacts to Develop Spear Phishing Campaigns

by titanadmin | Jul 15, 2015 | Spam News |

LinkedIn is a social networking website aimed at professionals, which helps them develop contacts, network, get new business, and find new employment opportunities. One of the main purposes of the site is to build up new contacts, making the site perfect for criminals looking to phish for information. The information that can be gathered can be used against individuals – or organizations – to conduct highly convincing spear phishing campaigns.

What is a Spear Phishing?

You may be aware of phishing, a technique used by criminals to get computer users to reveal their login names, passwords, credit card details and other highly sensitive information. Phishing is like using a trawl net behind a boat. The aim is to catch as much as possible. Sooner or later something will swim into the net. With phishing, spam emails are sent out in the millions in the hope that someone will respond. It is a numbers game, and the unwary will be caught.

Spear phishing on the other hand is not random. Individual victims are targeted. Spear phishing campaigns are often very convincing, and emails are sent containing information that is likely to fool a specific individual – or small group of individuals- into revealing passwords, login credentials, security codes or other information. These campaigns are also highly effective at getting users to click links to malicious websites, or open malware-infected email attachments.

How does Spear Phishing Work?

In order to convince users to install malware or reveal their sensitive information, those individuals must be convinced to take a specific action. To increase the chances of that happening, the criminals behind the campaigns need some nuggets of information. These could be gained from social media websites. People reveal a wealth of information about themselves on Twitter and Facebook, and some leave their accounts open for anyone to see.

LinkedIn is similarly being used by hackers to gain information about users, with the data harvested being utilized in future phishing and spamming campaigns. Data is collected on users, and used to devise phishing emails containing malicious software or links to malware-infected websites, or fake websites which convince users to enter in their sensitive details.  

LinkedIn Used by Scammers to Gather Sensitive Data

One of the latest scams identified involves the creation of fake LinkedIn contacts. Accounts are created by scammers, and then used to make connections with people in similar industries. Unfortunately, connecting with these individuals will allow them to obtain a wealth of information on you, such as your employment and education history, phone numbers and whatever information you add to your profile. In many cases, you will be supplying your entire CV to a hacker by accepting them as a contact. Fake LinkedIn contacts are now a major problem as they pose a big security risk.

This means that every contact must be vetted and assessed before you agree to a connection, and who has the time to do that?

How to Spot Fake LinkedIn Contacts

Fortunately, there are some common tells, and a little research (even a couple of minutes) can reveal fake LinkedIn contacts.

No photograph has been added

LinkedIn is all about making professional contacts. Photographs are therefore essential. People like to see who they are connecting with. If no photograph has been added, treat the account with extreme suspicion. Would the CEO of a mining company really be that concerned about someone finding out what he or she looks like?

Stock Photographs Used

Stock photographs can be purchased from image libraries for cents. Complete a quick Google image check against the user’s name and photo. If they are interested in business networking, their photo is likely to appear on other websites. If it appears under a different name, you will know the account is a fake.

Stolen Photographs Used

A photo search can reveal quite a lot of information about the genuineness of a contact. If your prospective contact is a librarian, it is perhaps unlikely they will also be a Ukrainian heavyweight boxing champion (Not necessarily of course!)

Numerous fake accounts have been created with the individuals claiming to be directors of companies. By day, they are the CEO of two or three different companies, by night they supplement their income by producing internet porn (Images have been taken from adult sites and used for LinkedIn). Unlikely perhaps, that CEOs would feel the need to do this.

Some fake LinkedIn accounts are very convincing

Not all fake LinkedIn accounts are suspicious. Many have extensive contacts, and a realistic profile. However often times that information has been lifted from other websites. Sometimes a photo will not have been used elsewhere online, but frequently the text has. One way of checking is to cut and paste small section of their profile and pasting it in Google. It may reveal that the data has been copied from a legitimate LinkedIn account or other social media site.

What is the Risk of Connecting with Fake LinkedIn Contacts?

There are a number of reasons why criminals go to the trouble of creating fake LinkedIn contacts. Spammers can use LinkedIn to obtain email addresses. Criminals can gain information to launch phishing campaigns and information can be gathered to commit identity theft. If a scammer can convince you they are genuine, they may create a fake job for you and get you to reveal some very sensitive information.

Of course the only way to be sure that you are not accepting fake LinkedIn contacts is to only connect with people you know, but that kind of defeats the whole purpose of the website. The answer is therefore to conduct a rudimentary check to make sure the person you are about to share information with is in fact genuine.

Facebook Hacks Compromise 145 Million Accounts

by titanadmin | Mar 9, 2015 | Spam News |

Facebook hacking is rife and, if it happens to you, you are not alone. Unfortunately, there is no one to blame other than yourself. Facebook hacking is caused, in the vast majority of cases, by poor security practices and a lack of security awareness.

Facebook accounts get hacked because:

• Passwords are stolen in phishing attacks
• Two-factor account authentication is not used
• Passwords are shared across multiple sites
• Keyloggers have been installed on a computer used to access Facebook

If a hacker manages to obtain one password, chances are that same password is used on other sites. Criminals sell passwords online, and there are plenty of would be purchasers. Hackers even buy them on exchanges. Sharing passwords across sites is therefore very bad news, especially on sites that have poor security practices.

Fortunately, on Facebook at least, if you are hacked you can report it easily and should be able to recover your account.

A blocked Facebook account does not necessarily mean you have been hacked!

Facebook does frequently block user accounts. It does this as a security precaution, which is good for all users and offers some peace of mind. How often are accounts blocked? About 600,000 times a day, according to TechCrunch!

That is an awful lot of compromised accounts, yet do bear in mind that Facebook has over a billion users. So 600,000 represents just 0.06% of the total. Which is 6/10,000 if you prefer fractions to percentages.

When Facebook blocks an account is because the account has potentially been compromised. According to Facebook, this occurs when “we are not absolutely confident that the account’s true owner is accessing the account and we either pre-emptively or retroactively block access.”

This means that there is suspicious activity, Facebook often errs on the side of caution and blocks access. That could indicate an account has been hacked, or that action is being taken to prevent the account from being hacked. The good news is that when this happens, only the real owner can get the account unblocked. In theory at least.

When the figures of the number of blocked accounts emerged, the story was widely misreported in the media. Facebook was accused of a “shocking lack of security,” but the compromised account definition had not been read by many Facebook users, and even some reporters. Also bear in mind, that those 600,000 blocked accounts will include many false positives.

Determining exactly how many Facebook accounts have been hacked is rather difficult, unless you work for Facebook and have access to that data. It is possible however to come up with a fairly reasonable estimate, based on research conducted by security and market research firms. Their data can be used to get a reasonable estimate.

Take Statista’s figures for example. It conducted surveys on individuals who had been hacked, and 66% said they had had their Facebook accounts compromised. Then combine that with study data from Pew Research. The company determined that the volume of “internet users have had an email or social networking account compromised or taken over by someone else without permission” was 22%.

Using a simple calculation an estimate can be obtained: There are 1 billion Facebook users. 22% of individuals claim to have had an account hacked, and Statista says 66% of those were Facebook accounts. That works out at 145 million users, which should be a fairly reasonable estimate.

Fortunately, Facebook security is robust. A mobile phone is required as part of the account recovery process, so you would need to have lost that as well in order for your challenge question to be used to login. SSL certificates prevent network snooping, and the brute force approach will be prevented by Facebook’s security controls. But phishing scams are likely to leave your account open.

Fortunately, there are ways that you can protect yourself, and your Facebook account.

It can be difficult to avoid phishing scams, and all too easy to fall for one. One of the best defenses is to use Antispam software. SpamTitan’s software will prevent phishing campaigns from being delivered to your inbox. Parental controls at home, and web filtering controls at the office are excellent ways of blocking malicious links.

Unfortunately, not all access points have the above controls, so you will have to rely on common sense and become more security aware. For example:

• Never click on a link that appears to take you to an unfamiliar site.
• Never open email attachments sent from unfamiliar senders.
• Use different passwords – don’t share them between websites
• Use complex passwords, containing characters, capitals, and numbers
• Don’t share everything about your life on social media
• Change passwords regularly, certainly every 6 months
• Don’t reuse passwords
• Keep your anti-spam software, virusguard, and anti-malware programs updated, and scan regularly
• Set your account recovery options and security questions as if they were passwords

And remember, just because you have friends and family on Facebook, don’t let it create a false sense of security. You can never be sure how security conscious they are! Complacency is likely to leave you vulnerable to hackers.

If your Facebook account has been hacked, let us know. We want to hear your stories!

Phishing Emails Tripled in 2014, Says Kaspersky Labs

by titanadmin | Feb 15, 2015 | Spam News |

Phishing emails may not account for a high percentage of total email traffic, but they are becoming more prevalent. In fact, since 2014 the growth of these malware spreading emails has tripled, according to a new report issued by Kaspersky Labs.

Kaspersky determined that the percentage of phishing emails in total email traffic is now 0.0071%. Compare that to spam emails which accounted for 66.34% of all email traffic in the first quarter of 2014, and the figure seems very small. However, the damage that can be caused by the emails is considerable. For some companies, the damage can be catastrophic. When phishing emails lead to financial losses, funds can rarely be recovered.

Phishing emails are becoming increasingly common, but spam appears to have declined a little. A fall of 6.42% was registered since the last quarter of 2013.

Social Media Overtakes Email as Main Method of Phishing Campaign Delivery

Phishing campaigns are frequently delivered to potential victims via email. A link to a malicious website is sent – often randomly – to individuals in the hope that they are fooled into clicking. That link will take the person to a website where they are required to enter confidential data such as login names and passwords. Oftentimes, visiting the website will result in malware being downloaded to the visitor’s computer.

Spam emails are still favored by cyber criminals in some countries such as China and South Korea; however, social media has now overtaken email as the main method of delivery of phishing campaigns according to Kaspersky.

This may not come as a surprise. Rather than hackers sending the campaigns to new victims, victims of phishing campaigns share the links voluntarily (and unwittingly) via Twitter and Facebook pages. Infecting new computers could not be any easier.

Infected email attachments are still a popular method of malware and virus delivery. If these attachments are opened, the user will install malware and viruses on their device.

Top Ten Malicious Programs Spread by Email

Even with the rise in popularity of social media for malware delivery, spam emails are still responsible for spreading a huge volume of malware. In Quarter 2 of 2014 alone, Kaspersky Labs were able to block an incredible 528,799,591 malware attacks. The volume of different types of malware is also astonishing. During the same period, Kaspersky Labs detected and blocked 114,984,065 unique potentially unwanted objects.

Many of the viruses and malicious programs are camouflaged to look innocent. Take the most popular malicious program used by cyber criminals as an example. Trojan-Spy.HTML.Fraud.gen appears to be a standard HTML page containing a form for online banking. When data is entered, the information is transmitted to hackers who are then able to use the information to gain access to users’ bank accounts.

Cybercriminals Earning over $100 Billion a Year

Cybercriminal attacks are increasing in frequency and severity, and this is unlikely to change given the huge sums of cash that can be obtained. According to recent estimates by the FBI, the proceeds of cyber crime are in the region of $100 billion per year. The bad news is that criminals are devising ever more sophisticated ways of attacking organizations, and many of those organizations are ill-prepared to deal with the risks. Oftentimes even basic security measures against cyber attacks are found to be lacking. This is due to extremely limited IT security budgets, which hamper efforts to deal with all the threats.

Many organizations do not have clear and concise IT security policies in place, and do not place an individual in overall charge of cybersecurity. Sometimes there is not even a dedicated IT security professional employed and many organizations are still not providing all members of staff with security awareness training.

A failure to employ the appropriate staff, allocate sufficient budgets to IT security and train the staff can prove very costly indeed. Lost and stolen data, system downtime and drained bank accounts result in far heavier losses than the cost of implementing security measures to prevent attacks. Even the cost of new IT security staff will pay dividends in the long run.

Staff Security Awareness Training is Critical

Spam emails and phishing campaigns generally have one of two main aims: To trick users into revealing sensitive information or to fool people into downloading and installing malicious software and code. The latter allows hackers to take control of computers and infiltrate networks.

Spam and phishing emails can be very convincing, yet there are a number of tell-tale signs that emails are not all they appear to be. By providing training to staff members on these tell-tale signs, the risk of employees falling for a scam can be drastically reduced.

Email Security Solutions Must be Employed to Protect Sensitive Data from Attack

Can you be sure that staff members will be vigilant and security aware? Unfortunately, even with training, employees will make mistakes. They are human after all. It is therefore important to install security solutions that will limit the volume of spam emails that are delivered to employees’ inboxes.

One of the best solutions is a spam filter such as SpamTitan Anti-Spam. This data security solution has now been employed by IT security professionals in over 120 countries around the world. They benefit from being able to block over 99.7% of spam emails.

Since SpamTitan uses two separate anti-virus engines (Bitdefender and Clam AV) the catch rate is particularly high. Furthermore, SpamTitan includes an anti-phishing module as standard that filters out emails containing links to known malicious websites. This further reduces the risk of an employee accidentally clicking on a link and downloading malicious software. Consequently, SpamTitan is one of the best investments to protect against cyber attacks.

Human Behavior Being Exploited By Phishers

by titanadmin | Aug 20, 2014 | Spam News |

Cyber criminals are using phishing to lure web visitors into revealing their sensitive data. Internet surfers are presented with a baited hook, which draws them into revealing login names, passwords, security keys and other valuable data.

The technique can be employed by individuals with little to no hacking skill, luring users to a malware-ridden website in exchange for payment. There are plenty of would-be criminals looking to make a quick buck, and since the campaigns can be so effective, online thieves and criminals are increasingly using this technique to make money.

Many online criminals use phishing in random campaigns sent via email. There is little skill involved. It is simply a numbers game. If enough emails are sent, sooner or later someone will respond and fall for the bait. However, we are now seeing much more sophisticated campaigns launched.

It used to be easy to spot a phishing email. They were littered with grammatical errors and spelling mistakes. Images were used that were clearly fake, and the emails would only fool the most unsuspecting computer user. They claimed victims, nonetheless, but only a few.

Some of the phishing emails now being sent are extremely convincing and very difficult to identify. Even well trained, security-conscious IT professionals have fallen for some of the scams. The reason? They work by exploiting traits in human behavior and use techniques that are particularly effective at drawing the required response.

Human Traits Successfully Being Manipulated by Hackers

Cyber criminals are exploiting human behavior to get users to click on links to malicious websites or open attachments. They rely on common traits that are all but guaranteed to get the desired response. The male of the species, for instance, is easily tricked into opening an apparent JPEG file if he is promised a glimpse of bare female flesh. An offer of sex from an unknown admirer can also work particularly well.

Not everyone is motivated by sex. For others the promise of financial gain does the trick. Criminals exploit greed to get users to click on a link. A money making scheme, or a hot stock tip, can entice many people to click on a link. Curiosity is also exploited. Major news events, conspiracy theories, celebrity news, and information on natural disasters have all been used by email spammers and scammers to get people to visit a malware site or open an email attachment.

Even the sense of duty has been exploited. Emails are sent from the accounts of work colleagues, bosses, civil authorities or law enforcement officers. These are effective at fooling users into complying with requests.

By exploiting human traits and evoking emotions, recipients of these scam and spam emails swallow the hook, and often the line and sinker too.

Spear Phishing: Effort Put in is Rewarded with More Victims

The sending of millions of mistake-ridden emails results in very few individuals falling for the scams. When email spam filtering software is employed, the filters will prevent these emails from even being delivered.

However, a little research goes a long way. Phishers who invest time into researching victims can see the time they spend on the campaign really pay off. A search on social media will reveal a considerable amount of information on an individual. Employers can be found on LinkedIn, Facebook can be used to find out friends’ names, and Twitter exploited to find out a user’s interests.  With this information, highly effective campaigns can be developed.

These phishing campaigns are referred to as spear phishing. As the name suggests, the hacker goes after one fish. These campaigns can be incredibly effective as they exploit trust. If an email is sent that appears to be from a friend or colleague, it is far more likely to be opened. But how is this possible?

SMTP Weaknesses Are Exploited by Phishers

Unfortunately, the SMTP protocol contains a security weakness. Hackers can exploit this weakness to mask the true sender of an email and the return address. To the casual viewer it appears that the email has been sent from a known individual, and even replying to the mail appears to direct it to the correct mail recipient.

Fortunately, a spam or phishing email is not dangerous. It requires an action to be taken by the recipient. Deleting such an email will delete the risk. Only opening the attachment, downloading it, or visiting a link contained in the email will result in the delivery of malware, a virus or the installation of malicious code.

Unfortunately, while most employees know never to double click on a file with a .exe extension, file extensions can be all to easily masked. They can be made to appear as a PDF file or JPEG, or other supposedly innocent file type. Without training, users are likely to open these attachments, and unwittingly activate the executable file.

The way to prevent users from clicking on links and opening attachments is to provide them with security awareness training. Teach staff members how to identify phishing campaigns, and they can check the genuineness of emails before they take action. Developing a culture of security awareness is therefore essential in the fight against cyber crime.

Blocking the emails with a spam filter is even better. That way, the email will never be downloaded and delivered. Unfortunately, from time to time emails do slip through the net. When that happens, employees must know how to react.

Training is therefore important even if a robust and reliable spam filter is used. After all, it is best to be shown how to deal with a phishing email that never arrives than to fall for the first one that gets past a spam filter.

Do Hackers Ever Get Caught and Punished for Their Crimes?

by titanadmin | Aug 6, 2014 | Spam News |

The news is full of reports of data breaches that have been suffered by companies and even governments. Numerous media reports detail how hackers have managed to obtain tens of thousands of confidential records, or in some cases, tens of millions or more. However, it is rare that a hacker is caught and brought to justice for the crimes committed.

Recently, a hacking group in Russia was reported to have stolen a staggering 1 billion passwords. If that was not shocking enough, the authorities know the individuals are located in central Russia. They are also in their early 20s. If they have been identified, why have they not been arrested?

Bringing hackers to justice is complicated

In this case, there are problems because it is the United States that wishes to take action. The crimes were committed against Americans but some countries are unwilling to turn over their own citizens to other countries. In this case, should the criminals be tried in Russia or in the United States? Where should justice occur, where the crimes were committed or in the country most affected by the crimes? Should hackers be extradited?

If there is no treaty in place between two countries, hackers will be tried and sentenced (or not) in their own countries. The United States has tried to get five Chinese hackers extradited and brought to the United States to face trial. They worked for the Chinese military. China is unlikely to take any action, and certainly will not release them to the United States. The individuals are believed to be behind attacks on Alcoa, U.S. Steel and Westinghouse, as well as on other U.S. firms. The criminals were indicted, but that is as far as the U.S. got. They are very likely working on new hacks against U.S. companies.

In some cases, hackers do not need to be extradited. The FBI has previously tricked hackers into coming over to the United States voluntarily. By doing so the tricky issue of extradition has been avoided. The FBI set up a job interview for two hackers using a fake Seattle company. The pair, Alexey Ivanov and Vasily Gorshkov, arrived for the interview and were promptly arrested. The latter received a sentence of 3 years, the former got 48 months.

Spam email kingpin sent 30% of all junk emails!

If you are a cybercriminal or spammer and you have launched attacks on Americans, it is a wise move never to visit the country. However, some just can’t resist. When visiting a car show in Las Vegas in 2010, Russian super-spammer, Oleg Nikolaenko, was arrested and charged for his crimes. He had used a botnet to send the spam emails. That botnet included a staggering half a million computers. Even more staggering was the volume of emails he sent. An estimated 10 billion per day. He is awaiting trial.

Hackers are very good at hiding their real identities and consequently can be difficult to locate. It can be even harder to bring them to justice.

It should come as no surprise to hear that many successful hackers are based in countries that offer protection against extradition to the United States. Unless there are international laws signed, and more cooperation between countries to tackle the global problem of cybercrime, they are unlikely to be tried and sentenced for their offenses.

233 Million Customers Affected, Yet eBay Fails to Notice 3-Month Data Breach

by titanadmin | May 29, 2014 | Spam News |

eBay customers have started to receive emails advising them to change their passwords. Their user names and passwords have been obtained by hackers, and a new password must be set for security reasons.

Unfortunately for many eBay account holders, the requests to change passwords have not been sent by eBay, but by phishers. The emails contain a link to a website which looks like eBay, but it isn’t. It is a fake website devised to get users to reveal their current passwords. This sneaky phishing campaign is likely to catch out many eBay account holders.

Data breach was suffered, but not identified for 2 months

In late February/early March, three employees of eBay had their login credentials compromised in a cyberattack. The cybercriminals used the login credentials to access a database containing the names of 233 million site users. Phone numbers, addresses, email addresses, dates of birth, and customer names were stolen, along with encrypted passwords.

In early May, eBay became aware of the breach, two months after it occurred. The company then waited a couple of weeks to make the announcement. The delay was because eBay didn’t realize that account information had actually been stolen. It took the best part of a month to realize data were actually stolen in the attack. Fortunately, PayPal information was not compromised and neither was any financial information.

A breach that does not involve bank account details or credit card information being exposed can still be serious and, in this instance, eBay account holders are at risk.

Passwords may have been encrypted but hackers I’ll be able to guess some as they have a lot of personal data. Dates of birth for example. They are often used as passwords. Since email addresses were obtained, the victims that have not had their passwords guessed are now being spammed with phishing campaigns.

Most customers will be aware of the exposure of their data and as a result, they may believe the phishing emails to be genuine. If they do, they will inadvertently reveal their passwords when they attempt to change them.

Investigations launched into the eBay data breach

Investigations into the eBay data breach have now been launched by state attorneys general in three States – Connecticut, Illinois and Florida. In Europe investigations are also being conducted. The attorney general of New York has spoken out about his expectations. He believes credit protection services should be offered to breach victims without charge. At the present moment in time, eBay has no plans to offer any risk remediation services to customers.

eBay has been criticized for the slow identification of the breach, as well as the slow response when it was discovered. Initially there were no victims, then there were 145 million. eBay finally settled on 233 million accounts.

It may not be a problem for spammers to send 233 million emails, but for eBay that has taken some time. The company tweeted news of the breach, but email notifications took a considerable amount of time to be sent. This may have resulted in more individuals responding to the phishing requests.

eBay breach victims must exercise caution

A data breach of this magnitude, affecting a company as large as eBay, is worrying. How good were the security measures it had in place? Why was the phishing campaign not identified before three people responded? Why were the phishing emails not blocked and prevented from being delivered? Only time will tell.

Since information has been compromised, and hackers are now attempting to guess passwords based on the personal data they have acquired, it is a wise security precaution for account holders to login to the site directly and change their passwords. They should not respond to an email, as it may be a phishing campaign.

Hacked Domain Takes Down ISP and Results in Customer Exodus

by titanadmin | May 26, 2014 | Spam News |

Unfortunately, all it takes to lose swathes of customers and destroy the reputation an ISP is for a single email spammer to get a block of your IP addresses blacklisted by a number of ESPs and RBLs. It is a nightmare scenario, yet it is one that could all too easily play out.

Customers using any of the blacklisted domains would have their outbound emails blocked and, if they cannot send emails, they will leave in their droves for another provider. Perhaps even worse than losing those valuable customers will be the comments they invariably post all over the Internet. Negative feedback can seriously damage a company’s reputation and it can take a long time for a damaged reputation to be restored.

There are steps that can be taken to at least temporarily fix the situation. The IP addresses affected could be swapped, and netblock could be used as a temporary fix. Unfortunately, recovering blacklisted IP addresses is a very slow process. During this time, other IP address blocks could be lost.

Managing risk is difficult. It is possible to set limits on the number of emails that can be sent by a particular domain. Alerts can be configured to identify a domain that is being used to send spam, and it may be caught in time to prevent blacklisting. IP netblocks can be changed should it not be possible to prevent a domain being blacklisted by ESPs and RBLs.

The process of undoing the damage caused by spammers is a nightmare as well. New domains must be warmed up, and efforts made to ensure they are operated within acceptable ESP limits. Otherwise they will just get blacklisted again and the process must restart.

Fortunately, there is a solution that can be adopted by MSPs and ISPs that can prevent blacklisting. Install the latest version of SpamTitan!

SpamTitan v6.3 includes outbound email filtering

SpamTitan will prevent spam emails from being delivered to inboxes; however, version 6.3 also includes a sophisticated and powerful outbound email filter that can be used to prevent spam emails from being sent from accounts. If a domain is hijacked and used to send spam emails, or is used by an individual within your organization, the emails will be blocked and the ESP will not be alerted.

SpamTitan v6.3 uses the same identifiers to clean and filter outbound email as it does for incoming spam. System administrators can set rate limits by email address, IP address range, or domain.

If an organization needs to send a high volume of emails, to avoid inadvertently causing problems with an ESP, a pool of IP addresses can be used to send email and these can be rotated. This allows risk to be effectively managed. Damage to the reputation of IP addresses and the business itself can be easily prevented.

Any MSP providing multiple client domains can implement SpamTitan v6.3 and ensure that emails are sent safely, while the risk of blacklisting is kept to a bare minimum. The Anti-Spam solution will also ensure that incoming emails are cleaned and spam is quarantined, while the Anti-phishing module will protect against malicious attachments.