Email remains the top attack vector and the biggest challenge for WordPress Security. WP Security threats range from spam that clogs inboxes and wastes resources to email fraud that can cost organisations and people millions of euros. The modern exploitation threat landscape also includes a variety of Web-based threats that span social channels and cloud applications. New mainstream interest in cryptocurrency is driving advances in malware and new approaches to phishing and cybercrime. The results, based on data collected across global customers and analysis of over one billion messages per day, highlight the methods of threat actors, who are stepping up attacks that exploit “the human factor”.
Analysing the malicious messages, new trends emerge in how attackers target victims and the volume of email they send:
• Dropbox phishing was the top lure for phishing attacks. Twice as many phishing messages used the file-sharing service to entice victims as used the next most popular lure. However, click rates for DocuSign lures were the highest, at over five times the average click rate for the top 20 lures, demonstrating that volume did not necessarily equate to effectiveness.
• Observed network traffic of coin mining bots jumped almost 90% between September and November 2017. This threat activity closely mirrored the rise and fall of the value of Bitcoin, the best-known cryptocurrency.
• Ransomware and banking trojans accounted for more than 82% of all malicious email messages, making them the most widely distributed malware types. But by the end of 2017, many campaigns also included coin miner modules or secondary payloads.
• Microsoft Office exploits appeared regularly in email campaigns but they usually came in short bursts. This pattern highlights the short shelf life of exploits before they are rendered ineffective due to organisations patching their systems to fix the vulnerability.
Attacks throughout the year ranged from massive malicious spam campaigns to highly targeted email fraud attacks. While no industries were immune, we did observe noteworthy targeting trends:
• Education, management consulting, entertainment and media firms experienced the greatest number of email fraud attacks, averaging over 250 attacks per organisation.
• Construction, manufacturing and technology topped the list of most phished industries.
• Manufacturing, healthcare and technology firms were the top targets of crimeware.
• Ransomware predominated worldwide, but Europe and Japan saw the highest regional proportions of banking trojans, with 36% and 37% of all malicious mail in those regions respectively.
In the broadest sense, phishing is an attempt to persuade someone to interact with an unsafe email. Phishing emails are used to trick recipients into opening unsafe attachments, clicking unsafe URLs, handing over account credentials and other sensitive information, wiring money and more.
In email fraud attacks, an email or series of emails purporting to come from a top executive or partner firm asks the recipient to transfer money or send sensitive information. It does not use malicious attachments or URLs, so it can be hard to detect and stop.
WordPress Security Recommendations:
• Deploy email gateway solutions that prevent unsafe emails from reaching users in the first place, and have tools and processes in place that help you quickly detect and resolve any threats that get through.
• Invest in an advanced email security solution that protects against the full range of tools and techniques used in attacks. Your solution should include awareness training. And it must protect against credential phishing, fraud, and unsafe URLs and attachments.