Proofpoint’s Quarterly Threat Summary from the fourth quarter of 2016 has given security agencies quite a bit of information to ponder.
The Quarterly Threat Summary is a comprehensive analysis of the threat trends across all forms of communication, including social media, mobile phone, and email.
The Q4 2016 report centers on the sharp increase in social media phishing attacks from the beginning to the end of 2016.
The analysis revealed that social media phishing attacks went up by 500% and cited the introduction of new phishing tactics as the key driver of this trend.
In particular, a technique called angler phishing was listed among the new and rapidly spreading phishing techniques.
Angler Phishing Takes Over Social Media
In this type of phishing, attackers create fake accounts on Twitter and masquerade as legitimate customer support personnel for various well-known brands.
They then prey on customers of the brand who have left feedback on the real customer support Twitter accounts, taking the opportunity to send malware-laced links or steal credit card information.
The report noted that this particular kind of phishing technique was frequently seen on entertainment and financial services accounts.
It also mentioned that there was a 100% increase in the number of fraudulent social media accounts between the third and fourth quarters of 2016. These accounts were primarily used by attackers for phishing, spam, and malware distribution. As a result, the amount of spam content on social media increased by 20%.
Thousands of Mobile Apps Created for the Rio 2016 Summer Olympics Contained Malware
Aside from phishing, 4,500 mobile apps associated with the Rio 2016 Summer Olympics were reported to be risky or malicious in nature. There was an abundance of Android and iOS applications that could potentially leak personal data.
Interestingly, the number of ransomware variants in the Q4 report was thirty times more than what was seen in the third quarter of 2016, and most of them were Locky-related.
However, the Q4 report also revealed that CryptXXX and Cerber ransomware were still in use. Distribution of ransomware was primarily via email, much like phishing, although exploit kits were also put to use.
CEO to CFO Spoofs Substituted with CEO to Employee Spoofs
As for positive news, the number of business email breaches fell significantly in Q4, as a drop of 28% in CEO to CFO spoofs was recorded. Considering the high volume of CEO to CFO spoof emails previously, it is understandable that CFOs became more careful and alert to the threat.
Furthermore, the decline of this phishing technique can be directly attributed to an increase in DMARC implementation, a method of blocking spoofing attempts. However, attackers have seemingly decided to employ newer techniques, one of which involves sending spoofed emails from the CEO to employees.
Exploit Kit Usage Remained Low
Since the high-profile Angler EK arrests made in the second quarter of 2016, the use of exploit kits has remained moderate to low. Proofpoint also reported that large-scale malicious advertising campaigns were still prevalent and showed no signs of slowing down any time soon.