Like most other criminals, cyber criminals are opportunistic. They target individuals who have let their guard down or are not aware, in order to install malware on computing devices. Once the malware is installed, the criminal is able to control the device and extract data or perform other actions as part of a larger attack, such as denial-of-service (DoS) attacks. Fake applications, bots, trojans, rootkits, viruses, and spyware are used to carry out their attack once the computer has been breached. One of the best ways they use to gain access is by taking advantage of a breaking news event and the consumer's need for finding out what is taking place.
According to Commtouch, a provider of Internet security technology and cloud-based services for vendors and service providers, it is taking cyber criminals less time to incorporate the latest breaking news into the attack. In the month of September the company said the average time it takes a malware to be distributed by exploiting news events was 22 hours. The Commtouch (News - Alert) Security Lab has also seen these criminals creating breaking news correlating to the most newsworthy item circulating around the world.
These criminals choose the most popular outlets, such as CNN and others, to create what appears to be a legitimate e-mail from these organizations. Once the recipient opens this e-mail, the malware is installed on the device and it begins to exploit the system.
Commtouch Security Lab said on Friday, Sept. 6, a malware was distributed and appeared to be an alert from CNN with the subject line "The United States Began Bombing." This correlates to the time when possible strike against Syria was looming. Other news events earlier this year also produced a fast response from cyber criminals with 55 hours for the appointment of the new Pope, and 27 hours for the Boston Marathon bombing. The 22 hours it took for the Syrian news only indicates the proficiency level of malware writers is improving.
With the increased number of smartphones, there will be more people online any time of the day. This presents a clear and present danger to site operators, businesses, and individual users. The key as mentioned earlier is to be vigilant and not fall prey to opportunistic attacks. If you are a news junkie bookmark your favorite sites and click on them directly instead of going through an e-mail or any other type of link. This is just one way in which you can stop an attack, but the resourcefulness of the malware writers can never be underestimated so always keep an eye out.
Edited by Alisen Downey