Phishing goes back to basics for attack methods
Phishers are adopting a 'back to basics' approach with attacks.
According to analysis of more than 20 billion internet threats by Network Box, the majority of emails sent by cyber criminals still deploy tactics designed to persuade the recipient that they should visit a website, or download a file.
Simon Heron, internet security analyst for Network Box, claimed that although the tactics are not evolving, the game plan of the criminal is getting ever-more sophisticated.
He said: “The objective for the new attack method is either to lure individuals to a site where they can be persuaded to part with private information such as usernames and passwords; or, to install Trojans onto a private computer in order to recruit it to a botnet.
“Social networks and file sharing sites are another target for malware to be embedded. We are becoming increasingly blasé about downloading content from unknown sources. Our use of social media means we are easily targeted.
“For example, it is already easy for a hacker to encourage people using Twitter to click on an infected website. We know that Flickr had a vulnerability that lets hackers insert malicious code to downloadable images; and YouTube has been reported as having vulnerabilities including SQL injection.”
There has also been a big increase in the number of infected websites, according to Network Box, which claimed that most emails drive users to infected sites by persuading them to install an application such as Flash updates or, ironically, new anti-virus software.
Heron said: “Hackers use incredibly realistic imitations of anti-virus software or application update software, mimicking the kind of pop-ups you'd expect to see on your PC, in the right colours, style and sequence.
“In some cases, they will point you to genuine sites to fool security software, but have infected that site to their own ends. Blogs are a prime target for this as they are usually not monitored rigorously.”