This week’s FortiGuard Threat Intelligence Brief reports on a spike in an Android advertising library, a fake series of banking sites used to phish credentials, as well as a campaign using the old faithful “we couldn’t deliver your package” courier scam. While hackers weren’t quite as active as they were over the past couple of weeks, our top five identified malware variants still generated over 3 million attack attempts.
1. Adware, Spyware, and Man-in-the-Middle. This week has been like homecoming as we have detected a number of threats that have been around for years. For example, we saw a 10X spike in the implementation of an Android library that inserts ads into applications. While adware may seem more like a nuisance problem, in many cases these ads are used to direct victims to more malicious sites and infected downloads. We also saw a jump in a spyware variant that we have been tracking since 2013, and about a half a million infections from a new variant of the classic MITM attack.
2. Phishing Scams. We also recorded a large number of fake online banking sites pop up this week, designed to lure and infect unsuspecting customers. Phishers continue to get better and better at this because, as of this writing, less than 5% of these fake sites have been identified as malicious by vendors. We also detected the return of the “we couldn’t deliver your package, click here for details” email scam, designed to lure recipients to download malware through an infected link. Given the regular success of these sorts of social engineering attacks, it may be time to send out another update to your staff reminding them that if they don’t know where something came from, don’t click on it.
One successful technique to educate employees is for the security team to do some phishing of their own. Sending out unsolicited, anonymous emails to employees, with a link that records users who click on it, and then generates a message telling them that if this had been actual malware they would now be owned, can be an effective object lesson to correct this behavior.
Get the Report
For more detailed information about the attacks described in this week’s roundup, we recommend subscribing to our FortiGuard Threat Intelligence Brief. It lists even more identified vulnerabilities - including our Top Five lists for Malware Activity and Application Vulnerabilities - and provides links to deeper details around the threat research Fortinet’s global security research team gathers and analyzes each week.