5 Email Campaigns Evading In-Market Security Solutions

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7
Next Next

Locky Ransomware Campaign

In this campaign, attackers used malicious emails as a vector to compromise systems by installing malware from the Locky Ransomware family, which encrypts all files on a compromised system. It was found that attackers sent malicious emails to all recipients on the same day, and that all emails appeared to come from the same sender. The emails had similar subject lines with variances in the invoice number in an attempt to add authenticity to the emails. Each recipient was sent two document attachments with the same name, which included the Bartallex macro. If opened, the Locky Ransomware malware was automatically downloaded onto the system.

Email is still the primary attack vector for many cybercriminals. In addition to malicious attachments and URLs, credential phishing is also on the rise and placing everyday users at the root of the attack. Why? Cybercriminals are using advanced attack methods that are consistently evading traditional detection tools. As such, organizations are beginning to realize that these advanced attacks can only be detected through multi-dimensional behavioral analytics that operate on diverse data sources and use a full spectrum of machine learning techniques.

Over a two-month period, security analytics firm Niara worked with customers to analyze email traffic and found a number of malicious email campaigns that sophisticated attackers were using to circumvent traditional defenses in order to gain a foothold within the enterprise and steal sensitive information. This slideshow presents five of the malicious email campaigns detected. Niara has also identified the tools, techniques and procedures used in each, which can be used to determine if your organization has been targeted by any of these campaigns.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

Security117-190x128.jpg 5 Steps to Protect Executives from a Whale-Phishing Attack

Whaling is a type of spearphishing targeting "big fish" in an organization with access to sensitive, highly-valuable information. ...  More >>

Security116-190x128.jpg 5 Common Failures Companies Make Regarding Data Breaches

Five common failures companies make when preparing for, and responding to, a data breach, as well as guidance for companies on how they can tackle these issues. ...  More >>

Security115-290x195 Data-Centric Approach Starves Data-Hungry Cybercriminals

Incorporating security capabilities such as encryption, better control and management and a data security framework will help alleviate the burden breaches place on the organization and people's lives. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.