Multi-Stage Cyber Attacks Growing
Cybercriminals are increasingly turning to multi-stage or “blended” attacks consisting of messaging combined with Web elements, according to a new report from Commtouch. Blended attacks use e-mail or search engine results to lure victims to bogus web sites, where the victims then encounter spam advertising, malware, or phishing scams.
Fraudsters are also using trusted brands like Apple and Google, holidays such as Mother’s Day, and current events such as the Football World Cup to build traffic. Spam related to the World Cup began appearing in January, according to a separate report by AppRiver.
During Q2, Gmail and Yahoo kept their top spots as spoofed domains for e-mail distribution, but they have now been joined in the top six by Twitter. The Twitter domain was faked in a widespread mailing designed to lure users to a “password reset” Web page that contained malware.
Other highlights from the Commtouch’s Q2 Trend Report indicate the extent to which spam has come to dominate e-mail traffic. It averaged 82% of all e-mail traffic throughout the quarter, bottoming out at 71% at the start of May and peaking at nearly 92% near the end of June. These numbers equate to an average of 179 billion spam messages per day.
In another disturbing trend, an average of 307,000 zombies were activated daily, representing a slight increase over the prior quarter.
According to Commtouch, the reported global spam levels are based on Internet e-mail traffic as measured from unfiltered data streams, and do not include internal corporate traffic. Global spam levels will therefore differ from the quantities reaching end-user in boxes, due to several possible layers of filtering.