Phishing goes back to basics for attack methods

By

Phishers are adopting a 'back to basics' approach with attacks.


Phishers are adopting a ‘back to basics' approach with attacks.

According to analysis of more than 20 billion internet threats by Network Box, the majority of emails sent by cyber criminals still deploy tactics designed to persuade the recipient that they should visit a website, or download a file.

Simon Heron, internet security analyst for Network Box, claimed that although the tactics are not evolving, the game plan of the criminal is getting ever-more sophisticated.

He said: “The objective for the new attack method is either to lure individuals to a site where they can be persuaded to part with private information such as usernames and passwords; or, to install Trojans onto a private computer in order to recruit it to a botnet.

Social networks and file sharing sites are another target for malware to be embedded. We are becoming increasingly blasé about downloading content from unknown sources. Our use of social media means we are easily targeted.

For example, it is already easy for a hacker to encourage people using Twitter to click on an infected website. We know that Flickr had a vulnerability that lets hackers insert malicious code to downloadable images; and YouTube has been reported as having vulnerabilities including SQL injection.”

There has also been a big increase in the number of infected websites, according to Network Box, who claimed that most emails are drive users to infected sites by persuading them to install an application such as flash updates or, ironically, new anti-virus software.

Heron said: “Hackers use incredibly realistic imitations of anti-virus software or application update software, mimicking the kind of pop-ups you'd expect to see on your PC, in the right colours, style and sequence.

In some cases, they will point you to genuine sites to fool security software, but have infected that site to their own ends. Blogs are a prime target for this as they are usually not monitored rigorously.”

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
attackbackbasicsforgoesmethodsphishingsecurity

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?