Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

ABTV //

Phishing

12/14/2018
09:35 AM
Larry Loeb
Larry Loeb
Larry Loeb
50%
50%

Phishing Emails, Trojans Continued to Proliferate in Q3 – Report

Researchers at Comodo Cybersecurity found that phishing emails continued to proliferate in the third quarter of this year, with PayPal as a major target. Malware, such as Trojans, also remain a top security issue.

Should a message from PayPal with a subject line of "Your Account Will Be Locked" shows up in your email inbox, Comodo Cybersecurity thinks you had better leave it alone.

This particular malicious message is the top phishing email found in the firm's "Global Threat Report 2018 Q3." The link leads to a page that will attempt to steal your PayPal credentials. Purported emails from PayPal with subject lines of "IMPORTANT: PLEASE LOGIN TO YOUR ACCOUNT PAYPAL TO VERIFY YOUR INFO" and "A REVIEW OF THE TRANSACTION #9489504" were also in the top ten list of email phishes during this time.

In addition, DHL and Microsoft Azure were part of the top ten list of spoofed phishing origins for the third quarter of this year.

The report found that the US lead in phishing page hosting by a large margin, with over 64% of registered sites, followed by Germany (4.6%), Turkey (3.2%), Australia (3%) and France (2.5%).

Emerging phishing trends found by Comodo included creation of more plausible legends for disguising malicious intent, the exploitation of ubiquitous, trusted brand names and attaching malware payloads directly to phishing email rather than linking to fake sites.

The researchers also saw the rise of implanting long-lived malware to control compromised machines for covert use for various sustained criminal activities over a longer period.

The report found that the most popular malware for enterprise assault included Trojan droppers, Trojan generics, password stealers, potentially unwanted applications (PUA) and backdoors.

In what may be a surprise to many, Canada was the most malware-infested country -- by number of unique infections -- throughout the entirety of the third quarter followed by Russia, US, Germany and Indonesia.

But, in the third quarter, the US -- as with hosting malware and phishing websites -- led other countries by a large margin (37.3%) in botnets, followed by China (8.3%), Russia (6.4%), France (5.5%) and Germany (5.3%).

Geographically, the report found that southern hemisphere of the world is heavy with network-based malware. Comodo attributes this to regional economics, as well as enterprises more likely deploying older, unlicensed or unpatched software, which may lead to increased infestation of malware.

There were other geographically located characteristics as well. Researchers found Russian networks to be in very poor health, due to use of older or pirated software. These versions are notoriously difficult to update or patch.

South African computers appeared to be wide open to worms, which travel the Internet autonomously, and are capable of quickly compromising many computers over a short time span.

Comodo also noted that the five most common computer worms throughout the world were:

  • Autorun: 1.5 million detections
  • Brontok: 843,000 detections
  • Conficker: 257,000 detections
  • Nimda: 171,000 detections
  • Gael: 48,000 detections

The three countries where Comodo detected the most malware overall during these months were Russia, the US and Poland. The report also took a look at the effect of malware in elections in Mali, the Russia Federation, Turkey, Sierra Leone, Azerbaijan and Columbia.

The threat landscape globally remains varied and dangerous. This report enumerates some of the threats that have been detected, not all of which are at the top of security people's consideration.

Related posts:

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internet—and What Your Organization Can Do About It
The Threat from the Internet—and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.