Over the last 12 months, there have been a number of high-profile cyber security breaches, from Sony to the Fiat Chrysler Jeep hack to Ashley Madison, that have thrust the issue of IT security to the forefront of the collective business consciousness. Businesses will need to continue to be aware of the emerging and evolving threat landscape to protect customers as well as company IP. Andrew Conway, Research Analyst at Cloudmark, discusses the latest findings of the April to June Cloudmark Global Threat Report to help businesses better protect their assets.
Ransomware threat to small businesses
Ransomware (malware that encrypts the files on your hard disk and demands a ransom to restore them) is an increasing threat to all computers. However, it’s a particular threat to small businesses, as they may have mission critical data on a single computer without adequate backup.
As the world economy picks up, many small businesses are hiring. A current spam attack that was specifically targeted at small businesses used fake resumes to try to trick owners into installing ransomware on their computers. Cloudmark detected this attack was directed at users in 14 countries including the UK, the Netherlands, Italy, Switzerland, and Germany. Businesses should ensure employees are adequately trained to never click on links or open attachments in unsolicited emails.
Abuse of new top level domains
If spammers always used the same call to action URL in their emails, that would be easy to filter. To try to get their spam delivered they need huge numbers of different URLs, though these may redirect to the same few landing pages. Cyber criminals can do this by either buying a large number of disposable domain names or using free URL shorteners and other redirectors. Cloudmark analysed the generic Top Level Domains (gTLDs) like .ninja, .science and .rocks that have recently become available.
As expected, the cheaper the domain registration, the more likely it is to be abused by spammers, with free TLDs being almost entirely used for spam. Two outliers for this rule are .science, which is attractive to spammers because it sounds reputable, and .xxx which is attractive to spammers because it sounds disreputable. Recently, Cloudmark has seen a rise in abuse for .faith, which is offering a first year sign up of just US $0.25. The registrar is clearly hoping to lure customers with a cheap first year and then make their money when they pay $19.95 to renew. Of course, spammers will only be using those domains for a week at most, so it is unlikely that these renewal fees will ever get paid.
URL shortener abuse
Businesses will also need to be aware of spammers who choose to use URL shorteners for their call to action. In this threat, the scammer is also looking for the best deal, but not financially. Instead they are looking for the shortener that is worst at detecting abuse. A year or so ago this was Twitter’s t.co, but Twitter has improved their defences of late, and the spammers have moved on to abusing bit.ly. Since the publication of the report highlighting this problem, Cloudmark has reached out to bit.ly to help address it, in an attempt to deny this resource to spammers as well.
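A mail administrator can run the same kind of measurement on their own traffic before deciding how heavily to score a TLD or shortener. The Python sketch below is an added example, not Cloudmark's method or code: it tallies, per TLD and per shortener host, how many already-classified messages linking to it were spam. The sample messages, domain names and the `min_msgs` threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
SHORTENERS = {"t.co", "bit.ly"}  # the two shorteners named in the article

# Constructed sample: (verdict from an existing filter or user report, body).
SAMPLE = [
    ("spam", "Cheap meds http://a1b2.spam-example.faith/buy now"),
    ("spam", "Resume attached, see http://cv77.spam-example.science/r?id=9"),
    ("spam", "You won! http://bit.ly/constructed-1"),
    ("spam", "Last chance http://q9.spam-example.faith/buy"),
    ("ham",  "Preprint at https://lab.ham-example.science/paper.pdf"),
    ("ham",  "Minutes are at https://intranet.example.com/minutes"),
    ("ham",  "Slides: https://bit.ly/constructed-2"),
    ("ham",  "Invoice portal https://billing.example.com/login"),
]

def hosts_in(body):
    """Yield the lower-cased hostname of every http(s) URL in a message body."""
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname
        if host:
            yield host.rstrip(".")

def abuse_by_key(messages, min_msgs=2):
    """Return {key: (spam_msgs, total_msgs, spam_ratio)}.

    key is the shortener hostname when the URL uses one, else '.<tld>'.
    Each message counts once per key, so a single mail stuffed with links
    cannot skew the ratio. Keys seen in fewer than min_msgs messages are
    dropped because a ratio over one or two mails says nothing.
    """
    spam, total = defaultdict(int), defaultdict(int)
    for verdict, body in messages:
        keys = {h if h in SHORTENERS else "." + h.rsplit(".", 1)[-1]
                for h in hosts_in(body)}
        for k in keys:
            total[k] += 1
            spam[k] += verdict == "spam"
    return {k: (spam[k], total[k], spam[k] / total[k])
            for k in total if total[k] >= min_msgs}

if __name__ == "__main__":
    ranked = sorted(abuse_by_key(SAMPLE).items(), key=lambda kv: -kv[1][2])
    for key, (s, t, r) in ranked:
        print(f"{key:10s} spam {s}/{t} = {r:.0%}")
```

A ratio near 100% supports scoring the whole TLD, while a mixed one, as for `.science` and `bit.ly` in this sample, means the link alone cannot decide the verdict.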
Spam sent from hosting companies
Spammers who are promoting illegal scams such as ransomware, phishing, and bootleg pharmaceuticals will typically use illegal means such as botnets to send their spam. This is cheap and since they are already breaking the law, there is little additional legal risk because they are using a botnet. Those that are skirting the edge of legality by sending marketing emails to people who have not opted to receive them (often across an international boundary) will usually opt to rent servers from a hosting company to send their spam. Once again, they will be looking for hosting companies that are not very good at detecting and dealing with abuse. Recently the spammer’s choice within the UK has been Iomart. Iomart is a hosting company that otherwise has a very good record, but they seem to have some difficulty in detecting abuse once they rent a dedicated server. The company reporting the most spam from Iomart is a Brazilian ISP. Because there are no anti-spam laws in Brazil, it is a major target for marketing spam.
However, Iomart’s spam output is dwarfed by some other European hosting companies, particularly OVH in France, some of whose users send vast amounts of spam to Italy, Brazil, and other countries. Spam is an international problem, and it would be good to see an international solution. Perhaps the European community could adopt uniform anti-spam laws modelled on Canada’s highly successful CASL legislation.
In order for businesses to protect themselves, it is imperative to remain vigilant and stay on top of current and future cyber threats. In addition, the threats highlighted above are not pigeonholed to a certain type or size of company, but can transcend all levels within the business community.