5 Email Campaigns Evading In-Market Security Solutions

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7
Next 5 Email Campaigns Evading In-Market Security Solutions-3 Next

Locky Ransomware Campaign

In this campaign, attackers used malicious emails as a vector to compromise systems by installing malware from the Locky Ransomware family, which encrypts all files on a compromised system. It was found that attackers sent malicious emails to all recipients on the same day, and that all emails appeared to come from the same sender. The emails had similar subject lines with variances in the invoice number in an attempt to add authenticity to the emails. Each recipient was sent two document attachments with the same name, which included the Bartallex macro. If opened, the Locky Ransomware malware was automatically downloaded onto the system.

Email is still the primary attack vector for many cybercriminals. In addition to malicious attachments and URLs, credential phishing is also on the rise and placing everyday users at the root of the attack. Why? Cybercriminals are using advanced attack methods that are consistently evading traditional detection tools. As such, organizations are beginning to realize that these advanced attacks can only be detected through multi-dimensional behavioral analytics that operate on diverse data sources and use a full spectrum of machine learning techniques.

Over a two-month period, security analytics firm Niara worked with customers to analyze email traffic and found a number of malicious email campaigns that sophisticated attackers were using to circumvent traditional defenses in order to gain a foothold within the enterprise and steal sensitive information. This slideshow presents five of the malicious email campaigns detected. Niara has also identified the tools, techniques and procedures used in each, which can be used to determine if your organization has been targeted by any of these campaigns.


Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

More Slideshows

Compliance4-190x128 GRC Programs: Building the Business Case for Value

Experience shows that organizations that manage GRC as an integrated program — involving people, processes and technologies — are more successful in delivering value to their organizations ...  More >>

Social14-190x128.jpg 10 Ways to Improve Your Social Media Security Policy and Posture

When phone calls, video conference information, pictures, chat logs, etc. are all stored in a central location via social media, a potential hacker has access to just about everything, quickly and easily. ...  More >>

Security120-290x195 5 DDoS Myths Debunked

Unearth the real story behind five commonly held myths about distributed denial-of-service attacks. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.