Tag Archives: Trojans

Cyber criminals “exploiting human weaknesses” to make their gains

Cyber attackers are relying more than ever on exploiting people instead of software flaws to install malware, steal credentials or confidential information and transfer funds. A study by Proofpoint found that more than 90% of malicious e-mail messages featuring nefarious URLs led users to credential phishing pages, while almost all (99%) email-based financial fraud attacks relied on human clicks rather than automated exploits to install malware.

The Human Factor Report found that business e-mail compromise (BEC) attack message volumes rose from 1% in 2015 to 42% by the end of 2016 relative to e-mails bearing banking Trojans. BEC attacks, which have cost organisations more than $5 billion worldwide, use malware-free messages to trick recipients into sending confidential information or funds to cyber criminals.

BEC is now the fastest-growing category of email-based attacks.

Clicking

“Accelerating a shift that began in 2015, cyber criminals are aggressively using attacks that depend on clicks by humans rather than vulnerable software exploits, tricking victims into carrying out the attack themselves,” said Kevin Epstein, vice-president of Proofpoint’s Threat Operations Centre.

“It’s critical for organisations to deploy advanced protection that stops attackers before they have a chance to reach potential victims. The earlier in the attack chain you can detect malicious content, the easier it is to block, contain and resolve.”

Nearly 90% of clicks on malicious URLs occur within the first 24 hours of delivery, with 25% of those clicks occurring in just ten minutes and nearly 50% within an hour. The median time-to-click (the time between arrival and click) is shortest during business hours from 8.00 am to 3.00 pm EDT in the US and Canada, a pattern that generally holds for the UK and Europe as well.

Watch your inbox closely on Thursdays. Malicious e-mail attachment message volume spikes more than 38% on Thursdays over the average weekday volume. Ransomware attackers in particular favour sending malicious messages from Tuesday through until Thursday. On the other hand, Wednesday is the peak day for banking Trojans. Point-of-Sale campaigns are sent almost exclusively on Thursday and Friday, while keyloggers and backdoors favour Mondays.

Attackers understand e-mail habits and send most e-mail messages in the four-to-five hours after the start of the business day, peaking around lunchtime. Users in the US, Canada and Australia tend to do most of their clicking during this time period, while French clicking peaks around 1.00 pm.

Swiss and German users don’t wait for lunch to click. Their clicks peak in the first hours of the working day.

UK workers pace their clicking evenly over the course of the day, with a clear drop in activity after 2.00 pm.

Advertisements

Leave a comment

Filed under Risk UK News

Expert international cyber crime task force determined to tackle online criminality

The Joint Cyber Crime Action Task Force (J-CAT) has been launched to further strengthen the fight against cyber crime in the European Union and beyond.

Hosted at the European Cyber Crime Centre (EC3) at Europol, the J-CAT (which is being piloted for six months) will co-ordinate international investigations with partners working side-by-side to take action against key cyber crime threats and top targets, such as underground forums and malware (and including banking Trojans).

The J-CAT will be led by Andy Archibald, deputy director of the National Cyber Crime Unit from the UK’s National Crime Agency (NCA).

The J-CAT was initiated by Europol’s EC3, the EU Cyber Crime Task Force, the FBI and the NCA and comprises a team composed of cyber liaison officers from committed and closely involved Member States, non-EU law enforcement partners and EC3. Key contributors to the intelligence pool will be the EU Member States via EC3 as well as other law enforcement co-operation partners.

Thus far, Austria, Canada, Germany, France, Italy, the Netherlands, Spain, the UK and the US are part of the J-CAT. Australia and Colombia have also committed to the initiative.

J-CAT has been launched to fight the scourge of cyber crime

J-CAT has been launched to fight the scourge of cyber crime

Multi-lateral approach to the issue

Troels Oerting, head of the European Cyber Crime Centre, stated: “This is a good day for those fighting cyber crime in Europe and beyond. For the first time in modern police history, a multi-lateral permanent cyber crime task force has been established in Europe to co-ordinate investigations against top cyber criminal networks. The Joint Cybercrime Action Taskforce will operate from secure offices in Europol’s headquarters assisted by experts and analysts from the European Cyber Crime Centre.”

Oerting added: “The aim is not purely strategic, but also very operational. The goal is to prevent cyber crime, to disrupt it, catch crooks and seize their illegal profits. This is a first step in a long road towards an open, transparent, free but also safe Internet. The goal cannot be reached by law enforcement alone, but will require a consolidated effort from many stakeholders in our global village. The J-CAT will do its part of the necessary ‘heavy-lifting’. That work has already started. I’m confident we will see practical and tangible results very soon.”

Andy Archibald said: “There are many challenges faced by law enforcement agencies with regards to cyber criminals and cyber attacks. This is why there needs to be a truly holistic and collaborative approach taken when tackling them. The J-CAT will bring together a coalition of countries across Europe and beyond to co-ordinate the operational response to the common current and emerging global cyber threats faced by J-CAT members.”

In conclusion, Archibald stressed: “This is a unique opportunity for international law enforcement agencies to collectively share our knowledge aimed at defending against cyber-related attacks. The UK’s National Crime Agency is proud to be a founding member.”

Rapid rise in major international cases

EC3 is involved in cross-border cyber crime investigations and has seen a rapid increase in major international cases. The J-CAT aims to add significant value to international law enforcement co-operation, and to maximise the effectiveness of joint and co-ordinated actions.

Cyber crime affects citizens, businesses and Governments regardless of their national borders or jurisdictions. Police forces across the world face similar crimes and criminal targets. For that reason, more than with any other type of crime, it’s crucial to share intelligence and align priorities.

The J-CAT affords the possibility of addressing the most impactful crimes affecting many states in a joint, well-concerted manner and with the assistance of EC3.

The J-CAT will gather data on specific criminal themes from national repositories and from relevant Government and private partners, as well as transforming this raw data into actionable intelligence and proposing targets and networks for investigations. It will cover all relevant areas including malware coding, testing, distribution, Botnets, Crime-as-a-Service, online fraud, intrusion and similar top-end crimes.

In addition, it will organise dedicated consultation meetings with key actors in the private sector and the Computer Emergency Response Teams for the EU institutions, bodies and agencies (CERT-EU) to obtain their input on cyber crime threats that affect them and society in general.

Leave a comment

Filed under Risk UK News