As much as we try to help computer users to get smarter about social engineering, cybercriminals are devising attacks that are smarter and sneakier than ever.
Social engineering attacks threaten your business security at its weakest point: your users. SophosLabs detects enormous volumes of spam designed to spread malware to unwary people who should know better, but are sometimes fooled.
Spam brings malware and phishing
James Lyne, Global Head of Security Research at Sophos, warns that social engineering attacks are getting more advanced as operating systems become better secured. “There are certain stereotypes about these kinds of spam messages, but they aren’t always true,” James says in an interview with SCMagazineUK.com. “For example, scam messages don’t always have bad English, poor copies of logos or really obviously dodgy links. Sometimes they look practically identical to legitimate messages.”
We saw many targeted attacks against users and businesses in 2013 using convincing spam emails disguised as legitimate ones. These hoax messages may attempt to trick users into divulging their usernames and passwords (known as phishing). And spam can deliver dangerous Trojan payloads: malware that compromises a computer when a user unknowingly opens a malicious file. As we reported in our Security Threat Report 2014, most of the malicious spam attachments we saw in June of 2013 were carrying loaders like Zbot/Zeus, which the cybercriminals use to load (or drop) other malware onto your infected computer.
Zbot delivering dangerous ransomware
Malicious spam attachments such as Zbot are increasingly loading the dangerous ransomware known as Cryptolocker, which encrypts all of the data and files on your computer and demands a ransom of up to $1,000 to set your files free.
One particularly tricky spam attack SophosLabs detected recently exploits the growing awareness of Cryptolocker to trick users into downloading a fake security “patch” to protect against “new malware circulating over the net,” allegedly from security vendors. (Security companies will never deliver patches in an email.)
According to Naked Security blogger Paul “Duck” Ducklin:
“The email doesn’t explicitly mention the Cryptolocker ransomware that locks your files and tries to sell them back to you. But there is little doubt that many recipients, having heard of the ongoing saga of Cryptolocker, will be more inclined than usual to read on.”
In this fake security patch attack, the attachment is Zbot. According to Duck, Sophos detects this malware proactively for Windows as HPMal/Zbot-C. Sophos on non-Windows platforms, including gateway products, detects the malware’s various components as Troj/Agent-AEWF and Troj/Agent-AEWG. Sophos web and email filters proactively quarantine attacks of this sort by identifying the file as suspicious.
Another popular type of spam attack is the spoofed shipping delivery notice, which claims to come from the postal service in your country (e.g., USPS, Royal Mail and Canada Post) or a well-known delivery company (e.g., UPS, FedEx and DHL). We saw an increase in this type of attack during the holiday shopping season, as well as numerous Black Friday- and Cyber Monday-themed spam messages promising outlandish deals.
Targeted attacks against Mac users
Not even Mac users are immune to the threat of social engineering. According to our Security Threat Report 2014, last year Sophos identified backdoor Trojans that compromised Macs in Asia through Word documents claiming to discuss human rights abuses in Tibet. We also reported that, in February of last year, Apple employees’ Macs were compromised by hackers via a zero-day Java vulnerability. The targeted attack also victimized Facebook and Microsoft Mac business users at around the same time. These attacks may reflect hackers’ recognition that it’s easier to attack businesses through social engineering than to attack the target company’s well-defended infrastructure.
Train your users about social engineering, phishing and spam
We can help you train and educate users about social engineering attacks. Our free security guide, called Threatsaurus, offers tips and simple explanations and a quick-reference glossary of threats. Threatsaurus includes an online version of definitions and tips for users to avoid phishing, spam and other types of security threats.
Watch this video featuring Duck’s explanation of how you can use Threatsaurus to educate your organization.
Learn more about email security
For more information about email threats, and how to protect your sensitive data, download our free whitepapers: Who’s Snooping on Your Email?, and Don’t Let Data Loss Burn a Hole in Your Budget. These papers help you identify data threats and show you how to implement a practical data loss prevention strategy (registration required).
Sophos SafeGuard Enterprise
We make it simple for you to manage your security policies and data protection across your organization. With SafeGuard Enterprise, you’ll be ready to comply with data privacy laws and keep the wrong people from seeing your organization’s or your customers’ confidential information.
- Uses a single console to manage full-disk, removable media, file-share, and cloud storage encryption
- Provides up-to-date security status for all your devices with reporting and auditing that lets you monitor and enforce compliance with internal policies and external regulations
Sign up for a free 30-day trial today.