Published on the 14/08/2019 | Written by Jonathan Cotton
Email scams, ransomware and extortion – and enterprise is a prime target. What’s behind the resurgence of the internet’s most dangerous annoyance?…
Who would have thought email scamming would be such a growth industry in 2019?
But that’s what it is according to a slew of new reports which find scammers doubling down on the email format and enterprise targets.
Malwarebytes says its seen a staggering 235 percent increase in threats aimed at organisations of all sizes, particularly of the small business and enterprise variety. One of the major contributors to that growth is ransomware.
Malwarebytes’ quarterly threat report Cybercrime techniques and tactics (CTNT): Ransomware retrospective [pdf] explores this seeming shift in ransomware attacks from the historically common consumer targets to organisations, businesses and, increasingly frequently, municipalities.
“An increasing number of more sophisticated targeted attacks are using obfuscation, layering and bundling of malware to avoid detection.”
“Ransomware…is back in a big way – targeting businesses with fierce determination, custom code and brute force,” says Malwarebytes.
“Ransomware is expected to continue to evolve through manual and blended attacks with worm-like functionality, as well as more paired attacks with other malware families.”
Over the last year, month on month business detections of ransomware have increased almost constantly, rising 365 percent from Q2 2018 to Q2 2019.
Symantec has reported similar eye-watering statistics. The security software company says it blocked 300 million extortion scam emails in the first five months of 2019.
“We [have] witnessed a revival and evolution in email extortion scams, which are exactly what they sound like: scam emails that attempt to extort cash from victims,” says Symantec.
The company says these scams use variations in the messages – such as using attachments or obfuscated characters for example – in an attempt to evade email protection technologies.
“For example, some spam filters might work by blocking emails with Bitcoin addresses in the body–- hence why attackers may have then turned to using PDF attachments or obfuscated text to try to bypass the spam filter.”
So what’s behind the resurgence? Large-scale internet dumps of breached data plays at least a part.
“Most of these emails…contain a password or partial phone number previously (or perhaps still) associated with the email address the email is sent to,” says the company.
“This is included to make it appear the attacker has access to private information about the recipient – when in fact they almost certainly obtained it from one of the many large password dumps of recent years.”
So how successful are scams like this? What’s the return for the scammer?
During May, Symantec examined the 5,000 most-seen Bitcoin addresses in scam emails over the course of the month. Over a total of 243 transactions, just 63 of those wallets received bitcoins. The average amount going into each wallet however, was around 12.8 bitcoins. In May the value of one bitcoin was US$8,300, meaning these wallets received a total of approximately US$106,240 per month, or just under US$1.3m per year.
And the scammers are only growing more sophisticated. Mimecast’s new Threat Intelligence Report provides analysis of 67 billion rejected emails (of 160 billion processed by Mimecast) and finds a variety of increasingly complex malicious attack techniques in play.
“Many simple opportunistic attacks… use well-known ‘lowest common denominator’ threat vectors and basic social engineering techniques. These types of attacks attempt to feed off the weak – those organisations that have simplistic security controls.
“However, an increasing number of more sophisticated targeted attacks are using obfuscation, layering and bundling of malware in an effort to avoid detection. In addition, these attacks are becoming more aware of their environments, implementing multiple evasion techniques as appropriate in a further effort to avoid detection.”
So what’s a wary emailer to do? Be on the lookout for increased incidences of brand fraud, says the email management company.
“With the shift to SaaS-based services for both business and personal activities, users have become accustomed to receiving emails with status updates, requests for additional information and the like.
“This has created an opportunity for threat actors to both harvest credentials for future attacks and deliver malware through emails that fraudulently appear to come from a well-known, trusted brand.”
The company says the research reinforces a previously observed trend: Malware-centric campaigns are becoming increasingly sophisticated and complex, often using different pieces and types of malware in different phases of the attack.