As July makes its way into August, the 2012 Summer Olympics in London will spend a couple of weeks at center stage. Much of the live action will happen as Americans are at work, and millions of fans will be following the Games online.
A recent survey by SpectorSoft Corporation of Vero Beach, Fla., a maker of computer and mobile-device monitoring and recording software, found that 40 percent of employees plan to follow the Olympics from their workplace computers. Plenty more will be checking out the results on whatever Internet-connected device they have handy.
But these events only happen periodically, and we know the bad guys don't take a year, or four, off. Instead, online criminals depend on current events and trending topics in order to develop the next wave of social-engineered attacks.
"In the past, we have seen [criminals] leverage the death of a celebrity or a popular event like Black Friday to send phishing emails on that topic, or use black-hat SEO [search engine optimization] techniques and even purchase keywords so their malicious site appears high on search results," explained Brendan Ziolo, VP of marketing at Kindsight, a digital-security company based in Mountain View, Calif.
"Because the user is anxious to see this news or get the latest specials," Ziolo said, "they click on the links without thinking and become infected."
You would think that after a while, we would become a lot more immune to, or at least more aware of, social-engineered attacks, but the opposite appears to be true.
According to Ziolo and Kindsight's Q2 Malware Report, email that drives users to a malicious website, which then infects visitors with malware via a drive-by download, was the most common attack method in April, May and June of this year.
"The main infection method continues to be email messages luring victims to websites running a variety of exploit kits," Ziolo said. "The victim would typically receive an email message from a business or the government informing them of an issue with their account. This would contain a reasonable-looking link to a website.
"The website would actually host an exploit kit such as Blackhole. This would probe their system and attempt to infect it," Ziolo said.
The use of trending topics to socially engineer an attack needs to be successful from the criminal's point of view.
Social-engineering tricks require a lot of time and effort, said Costin Raiu, director of global research and analysis at Kaspersky Lab in Moscow.
"What is standard at the moment is this," Raiu said. "We have automatic bots that scan sites such as Google Trends, Google News and Twitter trends, looking for the topics people like to talk about. Then the bad guys will generate Web pages on the fly on those particular topics and add exploit code into the pages."