Content

Massive rise in phishing attacks

The number of phishing attacks in May increased by 226 percent, according to a new report by IBM.

Publishling the figures in its Global Business Security Index, the company found that networks of compromised computers, known as botnets, were the main reason for the massive jump.

The study of 500,000 monitored systems and 2,700 security professional also recorded an increase in virus-infected emails. According to the figures, 30 percent of all emails are now infected with some form of virus, a figure up 33 percent from the previous month. The amount of spam leveled off at 68.7 percent of inbound email traffic over the last three months.

The company also identified a zombie network operating from compromised hosts at several educational institutions caused by an active exploitation of a Microsoft Library ASN.1 vulnerability. The company said it had contacted the organizations involved to fix the problem.

"Even a small disruption can have serious impact on business operations, and loss of data integrity or confidentiality can lose a customer base that took years to build," said Cal Slemp, vice president, security and privacy services, IBM Global Services.

A different survey by Fortinet found that trojans being spammed via botnets was an emerging new trend. Guillaume Lovet, EMEA Threat Response team leader at Fortinet said there were two main causes for this. First, spyware authors buy or rent botnets to "plant" their malware. The advantages of this was an almost guaranteed rate of success given the size of the seeding net. And second, mass-mailers use this seeding to spread more effectively.

"An obvious advantage is that only the trojan is going through the probable anti-virus engine integrated with the mail server," said Lovat. "And because simple downloaders have a very reduced set of features (and absolutely no replication feature), they are way less likely to get caught by modern anti-virus scanning strategies, such as heuristics or sandboxing."

He said there was a strong indication that more attacks of this nature would happen in the future.

www.ibm.com/security
www.fortinet.com

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.