Phishing

12/14/2018
09:35 AM
Larry Loeb

Phishing Emails, Trojans Continued to Proliferate in Q3 – Report

Researchers at Comodo Cybersecurity found that phishing emails continued to proliferate in the third quarter of this year, with PayPal as a major target. Malware, such as Trojans, also remained a top security issue.

Should a message from PayPal with a subject line of "Your Account Will Be Locked" show up in your email inbox, Comodo Cybersecurity thinks you had better leave it alone.

This particular malicious message is the top phishing email found in the firm's "Global Threat Report 2018 Q3." The link leads to a page that will attempt to steal your PayPal credentials. Purported emails from PayPal with subject lines of "IMPORTANT: PLEASE LOGIN TO YOUR ACCOUNT PAYPAL TO VERIFY YOUR INFO" and "A REVIEW OF THE TRANSACTION #9489504" were also in the top ten list of email phishes during this time.

In addition, DHL and Microsoft Azure were part of the top ten list of spoofed phishing origins for the third quarter of this year.

The report found that the US led in phishing page hosting by a large margin, with over 64% of registered sites, followed by Germany (4.6%), Turkey (3.2%), Australia (3%) and France (2.5%).

Emerging phishing trends found by Comodo included the creation of more plausible cover stories ("legends") to disguise malicious intent, the exploitation of ubiquitous, trusted brand names, and attaching malware payloads directly to phishing emails rather than linking to fake sites.
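As an added illustration of three of the traits the report describes (a trusted brand named by a sender that does not belong to it, the listed subject lines, and a payload attached instead of linked), here is a small defender-side triage routine that is not from Comodo or this article; the legitimate brand domains and the sample message are assumptions constructed for the example.

```python
import email
from email import policy
from email.utils import parseaddr

# Brands the report names as top spoofed senders; the legitimate sending
# domains are an assumption for this example, not data from the report.
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "dhl": {"dhl.com"},
                 "microsoft azure": {"microsoft.com", "azure.com"}}
# Subject lines the report lists among the top phishing emails of Q3 2018.
KNOWN_PHISH_SUBJECTS = {"your account will be locked", "a review of the transaction #9489504",
                        "important: please login to your account paypal to verify your info"}
# Attachment types worth a second look when a payload is attached directly.
RISKY_ATTACHMENT_EXT = (".exe", ".js", ".vbs", ".scr", ".docm", ".zip", ".iso")

def triage(raw: bytes) -> list:
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    subject = " ".join(msg.get("Subject", "").split())
    # Brand named in the display name or subject, but not sent from that brand.
    haystack = f"{display} {subject}".lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in haystack and sender_domain not in domains:
            findings.append(f"brand-spoof:{brand}:{sender_domain}")
    if subject.lower() in KNOWN_PHISH_SUBJECTS:
        findings.append("known-phish-subject")
    # Payload attached directly rather than linked from a fake site.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_ATTACHMENT_EXT):
            findings.append(f"risky-attachment:{name}")
    return findings

# Constructed sample (not a real capture) shaped like the report's top phish.
SAMPLE_PHISH = b"""From: PayPal Service <alerts@paypa1-secure.example>
Subject: Your Account Will Be Locked
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please verify your account immediately.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.zip"

--b1--
"""
```

An empty list from `triage` means none of the three traits was seen; a message can trip more than one at once, as the sample does.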

The researchers also saw a rise in the implanting of long-lived malware that keeps control of compromised machines for covert use in sustained criminal activity.

The report found that the most popular malware for enterprise assault included Trojan droppers, Trojan generics, password stealers, potentially unwanted applications (PUA) and backdoors.

In what may be a surprise to many, Canada was the most malware-infested country -- by number of unique infections -- throughout the entirety of the third quarter, followed by Russia, the US, Germany and Indonesia.

But, in the third quarter, the US -- as with hosting malware and phishing websites -- led other countries by a large margin (37.3%) in botnets, followed by China (8.3%), Russia (6.4%), France (5.5%) and Germany (5.3%).

Geographically, the report found that the southern hemisphere is heavy with network-based malware. Comodo attributes this to regional economics, as well as enterprises there being more likely to deploy older, unlicensed or unpatched software, which may lead to increased malware infestation.

There were other regional characteristics as well. Researchers found Russian networks to be in very poor health, due to the use of older or pirated software. These versions are notoriously difficult to update or patch.

South African computers appeared to be wide open to worms, which travel the Internet autonomously, and are capable of quickly compromising many computers over a short time span.

Comodo also noted that the five most common computer worms throughout the world were:

  • Autorun: 1.5 million detections
  • Brontok: 843,000 detections
  • Conficker: 257,000 detections
  • Nimda: 171,000 detections
  • Gael: 48,000 detections

The three countries where Comodo detected the most malware overall during these months were Russia, the US and Poland. The report also took a look at the effect of malware on elections in Mali, the Russian Federation, Turkey, Sierra Leone, Azerbaijan and Colombia.

The threat landscape globally remains varied and dangerous. This report enumerates some of the threats that have been detected, not all of which are at the top of security practitioners' minds.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.
