Malware and spam developers understand that the easiest way to lure a user into clicking on a link, opening a file attachment, or reading a message is to target hot topics that those users are already interested in and discussing around the proverbial water cooler. AppRiver, a provider of e-mail and Web security solutions, has compiled a report based on the first half of 2010 analyzing the current threat from malware and spam, and highlighting the opportunistic nature of the attacks.
One of the easiest targets for spam and malware is natural disasters. When events like the earthquakes in Haiti and Chile, or the massive volcano eruption in Iceland capture the headlines, people are curious about the details and anxious to offer support in any way they can. In the wake of such disasters, users are very likely to click on and respond to invitations that seem even remotely legitimate.
AppRiver reports that within days of such events malware and spam threats begin to rise. AppRiver found 419 phishing scams purporting to be charities seeking donations for natural disaster victims, as well as attackers using spam and Web links targeted at keywords related to the disaster to siphon money and spread malware.
Unless you consider the noise pollution of the vuvuzelas, the FIFA 2010 World Cup tournament is not a natural disaster. Still, a global event focused on the most popular sport in the world (outside of the bubble of the United States at least), with an expected audience of 30 billion is simply too enticing for malware developers to pass up. Fans eager to follow the spectacle are gullible targets for World Cup-themed attacks.
Another popular theme that attackers appear to have targeted is global warming. Everyone else is “going green”, so why not malware? Attackers launched a spear phishing campaign targeted at companies involved in cap and trade programs to steal carbon credits. It is estimated that attackers stole as many as 250,000 carbon credits valued around $4 million.
The AppRiver report explains “The emails pretended to be from the German Emissions Trading Authority who is responsible for handling the implementation of emissions trading as per the Kyoto Protocol. Recipients were told that they needed to re-register their accounts with the Agency and when they did, the attackers gained complete access to these accounts.”
One thing seems consistent throughout the AppRiver report: attackers are opportunistic. Whether its natural disasters, global sporting events, tax time, or the death of a celebrity, attackers will take advantage of current events to greatly increase their odds of success.
Obviously, companies should have security measures in place to identify malware threats, weed out unwanted spam e-mail, and generally guard against cyber attacks. But, IT administrators should also be aware of breaking news, and prepared to be more vigilant in detecting and blocking threats related to major events.
You can follow Tony on his Facebook page , or contact him by email at tony_bradley@pcworld.com . He also tweets as @Tony_BradleyPCW .