Business-targeted cyberattacks on the rise again —Symantec

Aside from the usual Valentine's Day spam, new wave of cyberattacks posing as business mediation and arbitration services was noted this February, computer security firm Symantec said.

 

Symantec said the attacks target businesses by claiming to be from the US Better Business Bureau, "socially engineered" to suggest that a complaint had been filed against the organization.

 

“These attacks are reminiscent of similar incidents that were first reported in 2007, when C-level business executives were being targeted with emails that purported to originate from the US Better Business Bureau (BBB). The new wave of attacks bear similar social engineering techniques to the 2007 attacks, although recently the attackers are using considerably more advanced techniques, including server-side polymorphism, making them especially protean in nature,” said Paul Wood, Symantec's cyber security intelligence manager.

 

He noted the emails are written such that the recipient would be led to clicking on an attached PDF file that contains an embedded executable file.

 

In some cases, the PDF contains a URL that leads to the malware.

 

Wood also said server-side polymorphism enables the attacker to generate a unique strain of malware for each use, to evade detection by anti-virus software.

 

"Scripts such as PHP are commonly used on the attacker’s Web site to generate the malicious code on-the-fly. Like the Greek sea-god, Proteus, the continually transforming nature of these attacks makes them very difficult to recognize and detect using more traditional signature-based defenses,” Wood said.

 

Valentine's Day spam

 

Symantec also noted a rise in spam in the week running-up to St. Valentine’s Day.

 

It noted the volume of spam messages referencing the event rose by as much as three and a half times the daily average for that week.

 

"The volume started falling off again after February 14, with a late spike occurring on February 16, when almost 6 times the daily average volume of emails referencing the special day was recorded," Symantec said.

 

Symantec also noted that in February, the global ratio of spam in email traffic fell by 1.0 percentage points since January 2011, to 68.0 percent (1 in 1.47 emails).

 

This follows the continuing trend of global spam levels diminishing gradually since the latter part of 2011.

 

However, Symantec also noted a rise in the global phishing rate by 0.01 percentage point in February, taking the global average rate to one in 358.1 emails (0.28 percent) that comprised some form of phishing attack.

 

E-mail-borne Threats: The global ratio of email-borne viruses in email traffic was one in 274.0 emails (0.37 percent) in February, an increase of 0.03 percentage points since January 2011.

 

In February, 27.4 percent of email-borne malware contained links to malicious Web sites, 1.6 percentage points lower than January 2011.

 

Web-based malware threats

 

For February, Symantec Intelligence identified an average of 2,305 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware.

 

This wa an increase of 9.7 percent since January 2011.

 

As for endpoint threats, the most frequently blocked malware for the last month was WS.Trojan.H.

 

WS.Trojan.H is generic cloud-based heuristic detection for files that posses characteristics of an as yet unclassified threat. — TJD, GMA News