Insights from CYREN's Q2 2014 Internet Threats Trend Report
April 8, 2023 © 2014 CYREN Confidential and Proprietary
INSIGHTS FROM CYREN'S NEW Q2 TREND REPORT
IN TODAY’S WEBINAR
Android ransomware and banking malware
The rise and fall (and rise) of Zbot
PDFs and Docs – real and unreal
Worldwide, World Cup phishing
Stock scams with Oakmont Stratton
ANDROID MALWARE TRENDS
PC RANSOMWARE
POLL – RANSOMWARE HONESTY
Do you know someone who paid the ransom? Did they get their files back?
They paid and got their files back
They paid and lost their files
They refused to pay and lost their files
They refused to pay and managed to regain access to their PC
Happily I don’t know anyone who has been infected
ANDROID RANSOMWARE ARRIVES
May – “ransomware” – but no encryption
June – ransomware with encryption
AndroidOS/Simplocker.A.gen!Eldorado.
ANDROID RANSOMWARE ARRIVES
Before and after encryption
Scans SD card and encrypts files like .jpg, .png, .doc amongst others
ANDROID IBANKING MALWARE
SMS/spyware – collects:
Text messages
Phone calls
Recorded audio
Works in tandem with PC-based malware
Intercepts SMS codes sent by banks
Android OS/Agent.HJ
UNKNOWN SOURCES?
NO MALWARE DETECTED
"Virus Shield", priced at $3.99 in the Google Play store
30,000 copies in April
Does nothing
POLL: YOUR MOBILE APPS
Where do you download apps?
Android: The Google Play Store
Android: Anywhere I can find apps
iOS: Only the iTunes Store
iOS: Jailbroken device – anywhere I can find apps
MALWARE TRENDS
A QUICK ZBOT HISTORY
Zeus Trojan (PC) discovered ~2007
Generally steals credentials - banks, email, social media
Keyloggers, screenshots
Sold as botnet creation kit
Zeus botnet, other botnets
Distributed command and control
Millions of victims
2012 – Microsoft takedown of SpyEye
Gameover Zbot
Peer to peer encrypted botnet
June 2014 – Operation Tovar disrupted botnet
July – new variants emerging…
ONE OF THE LAST ZBOT EMAILS
Attachment: Eonenergy-Bill-29052014.scr displays a PDF icon
W32/Zbot.BXN
ANOTHER ZBOT SENT USING DROPBOX
ACTUAL PDFS CAN ALSO BE PROBLEMATIC
Securedoc.pdf from BoA
Versions of reader attacked: 9.3x – 9.5x, 10.1x, 11, 11.001 (The current version is 11.0.07)
WORD DOCS TO AVOID
traking_doc_MW421330771CA.doc
aircanada_eticket_[random_number].doc
efax__[random_number].doc
file-_[random_number]_doc
President Obama’s Speech.doc
SECURITY EDUCATION POLL
Do you think people are aware that a PDF or Doc file could be harmful?
Yes
No
PHISHING TRENDS
WORLD CUP PHISHING
Chance to win “World-Cup” related prizes
Cielo – biggest credit card provider in Brazil
GLOBAL BANK PHISHING
Global brands: American Express, Bank of America, or Barclays
Country-specific:
Natwest (Britain)
Danske Bank (Denmark)
Swedbank and SEB (Sweden)
Bank of India (India)
Credem (Italy)
Hypovereinsbank (Germany)
SPAM TRENDS
SPAM LEVELS
Spam levels continue to drop
June average is lowest in 5 years!
Q2 Average: 55 Billion
June Average: 49 Billion
Q2 SPAM TOPICS
Pharmacy Products 43%
Job Offer 22%
Stock 16%
Diet 8%
Other 4%
Online Casino 3%
Phishing 2%
Malware 1%
PUMP AND DUMP - RCHA
Buy: 417,000 @ 0.19
Sell: Many more @ 0.36
Profit ~$63,000
Q2 SPAM COUNTRIES, SPAM ZOMBIES
Argentina 8%
Spain 8%
Vietnam 7%
United States 6%
Germany 5%
Italy 5%
Iran 4%
Brazil 4%
Colombia 4%
Mexico 3%
Others 46%
SAVING HOSTING COSTS…
Google Docs phishing email
Google logo at the top stored on legitimate Internet security blog called http://www.onlinethreatalerts.com/
GLOBALVIEW
GLOBALVIEW CLOUD AND PRODUCT FAMILIES
GlobalView™ Cloud
WEB: CYREN WebSecurity, URL-Filtering
EMAIL: CYREN EmailSecurity, Email Messaging Suite, AntiSpam, Outbound AntiSpam, IP Reputation, AntiVirus for Email
ANTIMALWARE: MobileSecurity, AntiVirus
We focus on our core competencies so our partners can focus on theirs.
Technical Account Managers
Partner Success Program
COMMITTED TO PARTNER SUCCESS
WHAT MAKES US DIFFERENT
ANY QUESTIONS?