Email users may have experienced a serious decline in spam
over the past couple months, however, a Web security trends report by M86 Security released today at RSA in San Francisco says cybercriminals are coming
up with new and innovative methods of phishing as well as producing increasingly
robust and complicated exploit kits.
The report, which assesses spam, phishing, and malware
activity, showed that the prevalence of spam in December 2010 was one third of
what it was in June when M86 released the first of their bi-annual Web security
trend reports. M86 research seems to indicate that disruptions to and takedowns
of major botnets, such as the Pushdo/Cutwail
and Mega-D,
and the closure of spammit.com, a popular spam affiliate program, are among the
causes for spam being at its lowest levels since November of 2008.
Further reasons for the drop in spam prevlence could be
that social networking cites like Twitter, Facebook, and LinkedIn are easier
targets as the general public becomes more aware of email based scams. With a little
knowledge or a a
cheaply bought toolkit, scammers can replicate their favorite social
networking sites and trick users into taking pay-per-click surveys, or worse,
redirect them to a page infected with malware.
While phishing scams delivered via email are down due to a
rise in awareness, third party phishing is on the rise. This is because
cybercriminals are finding ways of pilfering financial information while their victims
are visiting legitimate banking sites. They are also posing as various national
revenue agencies, like the IRS
and the New Zealand Department of Inland Revenue, to phish banking information by
offering bogus tax refunds.
Furthermore, exploit kits continue to rise. New kits, like
the Siberia
Exploit kit and Neosploit’s malware-as-a-service kit are offering services
to their customers in an attempt to become one-stop shops for malicious needs.
“What is especially noteworthy is that our findings demonstrate
that vulnerabilities already patched are continuing to be successfully used for
malicious gain. Organizations and individuals must get better at updating their
applications and staying ahead of attacks on their devices and their networks,”
said Bradley Anstis, vice president of technical strategy, M86 Security. “While
the M86 Security Labs report notes that great strides are being made in
thwarting cyber-criminal attempts, there is always something else coming
through the back door.”