Kaspersky Lab Report Highlights Spam and Phishing Trends in Q2 2018

On August 14, Kaspersky Lab issued its quarterly report on spam and phishing trends in the second quarter of 2018.  Among other findings, the report addressed the following trends that may be of interest to corporate compliance and information-security professionals:

  • GDPR-Oriented Phishing Attacks: The report noted a surge in email attacks, using the General Data Protection Regulation (GDPR) as the subject matter, that were directed at customers of financial organizations and information technology service providers. The emails falsely “notified email recipients that they were switching to a new GDPR-compliant policy and asked them to confirm permission to store and process personal information . . . and to update their account information. To do this, customers had to click on the link provided and enter the requested data, [which the phishers directly received].”
  • Malicious IQY Attachments: Researchers observed “never-before-seen IQY (Microsoft Excel Web Query) attachments [to malicious spam]. Attackers disguise these files as invoices, order forms, document copies, etc., which is a known ploy that is still actively used for malspamming. The From field contains addresses that look like personal emails, and names of attachments are generated in accordance with the following template: the name of the attachment, and then either a date or a random number sequence. . . . When the victim opens the IQY file, the computer downloads several trojan-downloaders, which install the Flawed Ammyy RAT backdoor.” The report added that “[i]t is rather difficult to detect these attachments because these files look like ordinary text documents which transfer web-inquiry data transfer parameters from remote sources to Excel spreadsheets.”
  • Data Leaks: These included previously reported instances of large-scale data leaks, such as the hacking and theft of personal information of 27 million Ticketfly customers.
  • Cryptocurrency Schemes: The report stated that cybercriminals “continue using the names of new ICO projects to collect money from potential investors that are trying to gain early access to new tokens. Sometimes phishing sites pop up before official project sites.”
  • World Cup 2018 Schemes: Cybercriminals used the World Cup 2018 “in many traditional scamming methods using social engineering.”
  • HTTPS: The reported observed that “more and more phishing pages are now found on certified domains.”
  • Vacation-Oriented Schemes: Cybercriminal used vacation-oriented fake websites, including airline-ticketing and hotel-booking sites.
  • Distribution Channels: The report stated that “most large-scale attacks were found in messengers and on social networks.”
  • WhatsApp: Cybercriminals are using WhatsApp more frequently to distribute their content.
  • Twitter and Instagram: Twitter “has recently become a breeding ground for fake celebrity and company accounts,” the most popular technique being cryptocurrency giveaways on behalf of celebrities. Fake accounts also were found on Instagram.
  • Search Results: Ads with malicious content and links to phishing sites in the search results pages of major search engines “has recently become a popular method of advertising fake ICO project websites.”
  • New Spammer Tricks: New tricks that spammers used to evade filters included double email headers and automatic mailing list subscription confirmations.
  • Other Trends:
    • Proportion of Spam in Email Traffic: The average percentage of spam in world mail traffic is 49.66 percent, which was 2.16 percentage point lower than the preceding quarter.
    • Sources of Spam by Country: The five leading source countries were China (14.36 percent), the United States (12.11 percent), Germany (11.12 percent), France (4.42 percent), and Russia (4.34 percent).
    • Geography of Phishing Attacks: The five countries with the highest percentage of users attacked by phishing were Brazil (15.51 percent), China (14.77 percent), Georgia (14.44 percent), Kyrgyzstan (13.60 percent), and Russia (13.27 percent).  The United States was not among the top ten countries.
    • Types of Organizations Attacked: The top five types of organizations under attack were global Internet portals (25.01 percent), financial and e-pay organizations and bank (21.10 percent), IT companies (13.83 percent), online stores (8.17 percent), and government and taxes (8.17 percent).

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s