
Latest Intelligence for September 2017 

Oct 06, 2017 10:01 AM

Some of the key takeaways from September’s Latest Intelligence, and the threat landscape in general, include new activity by the Dragonfly attack group, new Locky spam campaigns, and a phishing scam targeting students.

Malware

The email malware rate increased for the sixth month in a row in September, when one in every 312 emails was malicious. The Agriculture, Forestry, & Fishing sector was the most heavily impacted industry, with a malware rate of one in 129 emails, followed by the Mining sector at one in 196 emails.


In September, Symantec uncovered new links between attacks against the energy sector and the infamous Dragonfly attack group. Dubbed “Dragonfly 2.0,” this campaign began in 2015, though there has been a marked increase in activity in 2017. The campaign appears to gather intelligence on how various western energy facilities operate, though it has also been seen gaining access to operational systems—enough so that the group could potentially sabotage or take control of these systems.


Figure 1. Symantec uncovers new links between attacks against the energy sector and the infamous Dragonfly attack group

Spam

The spam rate declined slightly in September, after increasing for four straight months. However, at 55 percent, the rate is still well above the 54.3 percent average over the last year. The Mining and Manufacturing sectors saw the highest spam rates for the month at 59.4 and 56.4 percent, respectively.

There were a number of new spam campaigns discovered spreading a variant of the Locky ransomware family. As many as six waves of spam were distributed during mid-September, where initial variants encrypted files on the target’s drive with a .ykcol extension. Ransom demands were reportedly set at 0.5 bitcoin. Symantec detects this Locky variant as Ransom.Locky.B.

Phishing

The phishing rate came in at one in 2,644 emails for September. While it has declined slightly for the second month in a row, it is still well above the rates seen earlier in the year, just slightly below the 12-month peak seen in July (one in 1,968 emails).


Figure 2. The phishing rate for September 2017 was one in 2,644 emails

Just as many schools kicked off a new academic year in September, a new phishing scam masquerading as a student loan organization in the UK was discovered. The scam claims that the student’s loan accounts have been suspended due to inaccurate information. The target is urged to update their information and is provided a link to a phishing site. The information collected appears to be gathered by the attackers to carry out identity theft.

Mobile & Social Media

Manually shared scams topped the list of social media scams in September, comprising 67 percent. Fake Offers came in second, but decreased by 30 percentage points after a significant presence in August. In early September a malicious email campaign was discovered leveraging the content delivery network (CDN) of a popular social media site to compromise computers. To carry out these attacks, the attacker uploads malicious downloaders to various user groups, which causes the site to store them in its CDN, and then makes note of each file’s URL. This social media site URL is then added to the malicious emails and distributed in a spam campaign.

There was one new malware family discovered in September. Android.Wirex is a Trojan horse for Android devices that opens a backdoor, connects to a botnet, and has been witnessed participating in DDoS attacks. The botnet operations had previously been disrupted, leading it to upgrade its capabilities in order to carry out UDP flood attacks.

This is just a snapshot of the news for the month. Check out the Latest Intelligence for the big picture of the threat landscape with more charts, tables, and analysis.
