The third quarter of 2014 was dominated by celebrity account hackings and corporate data breaches. By the end of the quarter, the announcement of the Shellshock bug affecting the Bash shell made it clear that no system is perfect. Cybercriminals also used global tragedies, such as Ebola and airline disasters, to further enhance their phishing, spam, and malware distribution efforts. Cyberoam, in collaboration with its partner CYREN, brings you a detailed report on web malware and spam trends for the third quarter (Jul-Sep 2014).
The Apple iCloud celebrity data breach made news, and in its wake CYREN looked a little deeper into cybercrime targeting the Apple device market. CYREN analytics observed an increase in Apple users being targeted. One prominent message the celebrity phishing-photo scandal left behind was that Apple users are an increasing target for scams and hacking. While the iOS and OS X operating systems still remain relatively safe, more and more individuals globally are buying Apple devices and using Apple services, which could account (in part) for the increased targeting of Apple users. There are currently more than 800 million Apple IDs in use. Over 300 million individuals hold iCloud accounts, giving them access to 5 GB of online storage, as well as email, calendar, and photo stream. In addition, phishing attacks are at least three times more likely to be successful on a smartphone than on a desktop or laptop.
On top of increased phishing, CYREN noted that Apple initiated a new email alert campaign shortly after the celebrity attacks. The alert informed Apple iCloud users that their Apple ID was recently used to sign into an iCloud account. While the email is entirely legitimate, it gave scammers the opportunity to imitate an official large-scale email campaign. The report also discusses Apple iPhone 6 adware scams.
The Bash-Shellshock Bug
The report identifies the Bash-Shellshock bug as another story of importance in Q3. Shellshock exploded on the scene this quarter, making headlines in major newspapers and security blogs. Discovered by a French security expert in mid-September and disclosed publicly in late September, it has been deemed by many the “world’s most dangerous Internet security bug.” CYREN detected Shellshock attacks using the “CGI-based web server attack” technique, delivered through a specially crafted HTTP Cookie request header field. Attackers have also used other HTTP request header fields, such as ‘User-Agent,’ ‘Accept,’ ‘Referer’ and ‘Host,’ to inject the malicious Bash commands.
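A defender-side check for the header technique described above, as an added example that is not part of the CYREN report or of this page: it flags request header values that contain the Bash function-definition marker "() {". The sample requests, the X-Constructed header and the function names are constructed for illustration.

```python
import re

# A Bash function exported through the environment starts with "() {". CGI
# exposes request headers as HTTP_* environment variables, so the marker in a
# header value is the thing to look for. The pattern tolerates extra
# whitespace and matches anywhere in the value (deliberately over-inclusive).
FUNC_DEF = re.compile(r"\(\s*\)\s*\{")
# Header fields the report names; every other header is checked as well.
REPORTED = {"cookie", "user-agent", "accept", "referer", "host"}


def parse_headers(raw_request):
    """Return [(name, value)] for the header block of a raw HTTP request."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:      # skip the request line
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return headers


def suspicious_headers(raw_request):
    """Return [(header, named_in_report)] for values holding the marker."""
    return [(name, name.lower() in REPORTED)
            for name, value in parse_headers(raw_request)
            if FUNC_DEF.search(value)]


# Constructed sample requests, not captured traffic; the command part is a
# placeholder string.
SAMPLE_BAD = (
    "GET /cgi-bin/status HTTP/1.1\r\n"
    "Host: www.example.test\r\n"
    "Cookie: () { :; }; PLACEHOLDER_COMMAND\r\n"
    "X-Constructed: () { :; }; PLACEHOLDER_COMMAND\r\n"
    "\r\n"
)
SAMPLE_OK = (
    "GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n"
    "Cookie: session=abc123; theme=dark\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for sample in (SAMPLE_BAD, SAMPLE_OK):
        print(suspicious_headers(sample))
```

Because every header is scanned, a hit in a field the report does not list (the second tuple element is False) is still surfaced for review.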
Tragedy Drives the Headlines
Apart from the Apple scams and the Shellshock bug, cybercriminals also used global tragedies, such as Ebola and airline disasters, to further enhance their phishing, spam, and malware distribution efforts. A quick click through the leading news websites tells a sad story: More Ebola Victims. Expanding War in the Middle East. Death, Floods, Famine. The list goes on. The use of “sensationalism” to promote a headline or sell an item is nothing new. And, in the third quarter, hackers put this technique to good use.