Cyber Threat Update 3/26/2015


Of the 30,000 websites that our iGuard analysts rated over the past week, over 25% came at the request of our customers. The majority of these websites were from professional services or corporate marketing; however, real estate, health, and automotive rounded out the top five rating requests. We found almost 1000 new websites; of those, 500 contained gambling content and 400 were sports-based. This increase is likely tied to the NCAA Men’s Basketball Tournament, better known as March Madness. With roughly 1000 new websites created, mixed with the March Madness craze, it is good to know what your employees are looking at online. The tournament craze will only grow stronger, and productivity will lessen, as the tournament draws closer to the Final Four and Championship game.

On the malware side, we are finding more sites that seek to emulate legitimate sites. These URLs include Hartford financial and Sun Trust banks. Typically these links are used in emails to deceive the recipients. Other typical scam sites rely on misspellings or bad typing, like one site we found for gmaili[.]com. Just to be safe, we advise manually typing in URLs as opposed to clicking on them.
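One way a defender can check for misspelled lookalikes such as gmaili[.]com is to compare each hostname against a watch list of protected domains. This is an added example, not EdgeWave's code; the watch list, the function names and the distance threshold are assumptions, and the "embedded" check goes slightly beyond the misspelling case in the text.

```python
# Added example: classify hostnames against a watch list of protected domains.
# PROTECTED is a constructed watch list (assumption); gmaili[.]com is from the text.
PROTECTED = ["gmail.com", "google.com"]

def refang(host):
    """Undo '[.]' defanging and normalise case and trailing dot."""
    return host.replace("[.]", ".").strip().lower().rstrip(".")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # transposed neighbours
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify(host, protected=PROTECTED, max_dist=1):
    """Return (verdict, matched_domain) for one hostname."""
    host = refang(host)
    for good in protected:
        # Exact match or a true subdomain of a protected domain.
        if host == good or host.endswith("." + good):
            return ("legitimate", good)
    for good in protected:
        labels = good.count(".") + 1
        tail = ".".join(host.split(".")[-labels:])
        if osa_distance(tail, good) <= max_dist:
            return ("lookalike", good)   # e.g. one extra or swapped letter
        if ("." + good + ".") in ("." + host):
            return ("embedded", good)    # protected name used as a prefix
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample hostnames, apart from gmaili[.]com.
    for sample in ["gmaili[.]com", "gmial.com", "mail.gmail.com",
                   "gmail.com.account-verify.example", "example.org"]:
        print(sample, classify(sample))
```

A threshold of one edit keeps false positives low for short names; longer brand names can tolerate a threshold of two.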


EdgeWave EPIC provides comprehensive Military Grade cyber security to companies large and small in all sectors, deploying the latest in automated protection backed by 24/7 human analysis, and guarding against Advanced Persistent Threats. EdgeWave monitors networks and customizes security rules for over 6000 clients globally, ensuring compliance and timely reporting. Visit www.edgewave.com to find out how easy it is to secure your network.

Cyber Threat Update: 3/26/2015


This week, ePrism blocked over 571,000,000 spam messages. The largest campaign stopped by our human review team originated in Estonia and used .us top-level domains. With over 9,500,000 blocks, the campaign used adult themes, and its messages all linked back to malicious URLs ending in 4di[.]es. Campaigns of this nature are common, and the nature of the message usually gives them away. However, other campaigns use better tactics.

We found a smaller but well-crafted campaign aimed at Google docs users. The image below demonstrates a phishing attempt specifically designed to fool not only the recipients, but also standard email filtering services. The only item that would give an indication of the phishing was the link. Looking explicitly at the URL link, our analysts were able to determine the site’s validity. Hackers are using other document sharing and productivity sites as templates for crafting phishing emails. Always be careful about clicking any link in an email. The best bet is to go to the site yourself and find the materials needed.

[Image: the Google docs phishing email described above]



Cyber Threat Update: 3/19/2015


This week, EPIC monitors for our iGuard system analyzed the last 10,000 malware links we discovered, looking for trends in which top-level domains are producing the most malware links. Although .coms and .nets continue to account for over half of the malware domains found, the list of nations where these sites originate is also interesting. Topping our list, .co or Colombian websites had the most hits at almost 5.1%. This was followed by .US (4.4%), .UK (4.3%), .RU (4.3%), and .CN (1.5%). Interestingly, a second-level domain made a strong appearance in our data. Sites containing [.myfw.us] had a larger proportion of the .US hits.

What this data tells us is that malware sites continue to use .com and .net as primary sources. Just because a site looks familiar (i.e., .com or .net) doesn’t mean that it’s safe.

Cyber Threat Update 3/17/2015


Spammers are smart. They have discovered ways to circumvent our defenses and fill our inbox with annoying, malicious content that is intended to make our lives a little more stressful. Fortunately, this is about a few of the less intelligent ones that our Human Analysts caught…

Over the past week, EdgeWave Analysts blocked a single campaign with over 16 million messages destined for our customers. The campaign's messages all linked back to a single URL, HTTP//cc4[.]co. If the large volume and the fact that the emails all came within three days weren’t enough, the subject lines on all of them were adult in nature and the senders all had gibberish email addresses, which was easily spotted. Additionally, the body of the message was just a picture looking to get clicked.

But don’t let this one foolish user fool you. Good spammers are much smarter. They understand that email filters can be spoofed. It is much tougher, however, to get past an actual person. Over the past week, ePrism stopped 651 Million spam emails. We still see a dearth of spam coming out of Russia and Europe. Spammers will continue to seek ways to circumvent filters, but they won’t be able to circumvent active watchers.



March Madness Threats

March Madness will soon be here. Productivity may take a hit as people start filling out brackets. Over the past two weeks, we took a concentrated look at the tourney, searching for websites with these themes. So far we have categorized almost 500 new websites that deal with the tournament and other sports. However, we have not yet seen a large increase in associated malware sites. This may be because malware sites don’t last long before being blocked, so their operators are saving the launch of the sites until the games start on March 17th (St. Patrick’s Day). Typical future malware themes include “expert” advice on filling out brackets and other “hot picks”.


While malware trends have yet to increase, productivity will most definitely take a hit. Make sure your company’s website policies are able to handle this lengthy distraction!