Rise of the blended attacks
As users have become savvier about traditional threats like email attachments, cybercriminals are increasingly attempting to integrate multiple forms of attacks. Research indicates that criminals are more frequently converging their attacks across multiple communications channels, such as email, instant messaging, websites, mobile computing and VoIP.
They are also using several different malware components at once, such as worms, Trojans, spyware, keyloggers, and spam and phishing schemes. This blending of attacks is making malware more complex, and personal information is increasingly the target.
The most common type of blended attack uses spam email messages or instant messages to distribute links to websites where malware or spyware is secretly downloaded to computers. These types of attacks are on the rise, and in July 2007 a massive Storm Worm assault used this method. In one day, around 142 million emails were spammed out containing URLs leading to Web pages infected with the infamous Storm Worm Trojan. The messages typically claimed that an electronic card had been sent to the recipient and that the e-card could be viewed by clicking the enclosed URL.
This e-card tactic has been a favourite of the Storm Worm crew for a long time and these IM or email-based blended attacks are very effective. No attachment means no antivirus block, and when combined with a user-friendly invitation, these attacks easily lead people to websites where malware gets downloaded – mostly without user interaction or knowledge.
Another common blended attack combines a Distributed Denial of Service (DDoS) attack with phishing emails. For example, a bank's website is taken down by a DDoS attack, and shortly afterward the bank's customers receive emails apologising for the inconvenience and directing them to an "emergency site" that is, of course, fake and malicious.
In 2007, users of the popular employment website Monster.com were victims of an attack that blended several elements – stolen credentials of users, phishing emails, Trojan horses, ransomware and more. About 1.3 million resumes were stolen from Monster's database and the personal information was used to create convincing messages that left password-stealing Trojans and ransomware on users' computers.
Another example of the trend toward blended attacks can be found in the increasing blending of phishing and VoIP. Such an attack could involve a phishing email, apparently sent by a credit card company, asking recipients to "re-authorise" their credit cards by calling a 1-800 number. The number leads them (via VoIP) to an automated system in a foreign country that asks them to key in their credit card number.
One such threat was aimed at users of eBay's PayPal online payment site. The attack used phishing emails to persuade PayPal customers to call a fake customer service call center, where an automated voice system asked them to disclose personal information, including their credit card details.
Attacks like these have also taken place using SMS text messages instead of emails.