Published: April 12, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
The past year was no stranger to malware attacks and there seems to be no end in sight going forward. Malware offenses aimed at businesses and individuals happen every day, and many of those attacks evolve and improve over time. 2019 was no exception and checking out some of the most reviled malware might ring a bell, or at the very least, you’ll know it’s out there. Ransomware, botnet malware, and cryptomining attacks still rely on email phishing as the best delivery method and it was stronger than ever this past year. Even your inbox has gotten more dicey since improved malware easily hides in an unremarkable email. Also, knowing a few key email phishing red flags always helps keep malware where it belongs–not on your device.
Possibly the biggest malware threat to enterprise organizations and individuals alike has begun shifting to target small-to-medium-sized businesses (SMBs). Originally aiming mostly at healthcare and finance companies, SMB's are more vulnerable for many reasons. Employee error, targeted phishing attacks, and limited resources are just some of the reasons that 65% of SMBs are out of business within 6 months of their first hack. Attacks like Emotet, GandCrab, Trickbot, and Dridex are once again some of the most prevalent and effective types of ransomware this year.
Botnets are the preferred method for delivering enormous amounts of ransomware and cryptomining malware. In 2019, botnets were also responsible for delivering more ransomware than any other existing method. The largest botnet ever discovered, Emotet, delivers massive amounts of malware to targets. Trickbot has become the financial industry’s nightmare by distributing devastating ransomware attacks.
Although cryptojacking has declined over the past two years, it's far from dead. Without user permission, cryptomining malware takes over device resources, mainly its power. You see, to mine cryptocurrency takes an enormous amount of processing power. The power is stolen for cryptocurrency mining for the bitcoin e-currency market. Unknown to the user, the power is completely drained and the device is often left unusable. It’s low-risk, guaranteed money in a less malicious way than other malware, but not much comfort in that.
“Red Flags” For Email Phishing
Unknown sender, generic or strange greeting, such as “Dear customer” or “Dear Mr.” with no name.
Sense of urgency, preys on emotions like concern, fear, and surprise. You have seen these. Perhaps you received a message that asks you to click the button or your account will be frozen.
If you can’t trust or verify the sender, better left unopened. Be 100% sure before clicking.
Links in email text. They easily redirect you to websites created to steal sensitive information.
Don’t open attachments. Proven time and again, they can infect a device with malware in just one click and often, the user won’t even know.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at email@example.com