This article contains information on common email-based cyber threats, including Phishing, Spyware, Trojans, Viruses, Worms, Ransomware, and more, explaining their characteristics and potential impacts on individuals and organizations.
Email remains the undisputed primary medium used to conduct cyberattacks. As cybercriminals become more sophisticated in launching email attacks, we've seen popular and damaging email threats rapidly evolve.
Threat Types:
Phishing: A phishing attack is a fraudulent attempt to obtain personal information such as usernames, passwords, financial details, or medical records.
Spyware: A type of software designed to secretly gather information about a person or organization.
Trojan: A type of malware disguised as a legitimate file.
Virus: A type of malware program that self-replicates by modifying other programs and inserting its own code.
Worm: A standalone self-replicating malware program.
Dropper: A type of trojan that secretly delivers and runs malware on a victim's system.
Exploit: A piece of malicious software or code that's designed to take advantage of specific security vulnerabilities in programs, networks, or hardware.
Ransomware: A type of malware designed to extract a sum of money from its victims.
Spam: Spam email is unsolicited and unwanted junk email sent out in bulk to an indiscriminate recipient list.
Phishing
A Phishing Attack is a fraudulent attempt to obtain personal information such as usernames, passwords, financial details, or medical records.
Attackers use social engineering to disguise themselves as trustworthy entities (e.g. banks or governments) and send electronic communications via email spoofing, instant messaging, or text messaging. The content of this communication is designed to trick the recipient into clicking a link and entering personal information on a fake website.
Some Phishing Attacks are highly sophisticated and personalized to target an individual or a few recipients, whereas others are much simpler and sent in bulk to lots of recipients.
Why Phishing Emails Bypass Spam Filters
Despite advanced security measures, some Phishing emails still reach users' inboxes due to several factors:
- Permitted Sender entries that override standard security checks.
- Emails sent directly to Microsoft Exchange environments, bypassing MX records.
- Low spam scores that don't trigger immediate blocking.
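The three bypass routes above each leave a trace in the headers of a message that still reached the inbox: a message that skipped the MX has no Received hop through the filtering gateway, a message the gateway never saw carries no score header, and a message scored above the quarantine threshold yet delivered points at a Permitted Sender override. The following added example (not code from the original article) triages delivered messages on those three signals. The gateway hostnames, the X-Spam-Score header name, the threshold and both sample messages are assumptions constructed for the example; substitute the real gateway hosts and score header of the environment being checked.

```python
import re
from email import message_from_string
from email.message import Message
from typing import List, Optional, Set, Tuple

# Hostnames of the filtering gateway that the MX records point at (assumed
# names; replace with the real MX hosts of the environment being checked).
GATEWAY_HOSTS: Set[str] = {"mx1.gateway.example", "mx2.gateway.example"}

# Score at or above which the gateway is expected to quarantine (assumed value).
QUARANTINE_THRESHOLD = 5.0

# "Received: from <host> ... by <host> ..." as most MTAs write it.
HOP_RE = re.compile(r"^from\s+(\S+).*?\bby\s+(\S+)", re.IGNORECASE)


def received_hops(msg: Message) -> List[Tuple[str, str]]:
    """Return (from_host, by_host) for every Received header, newest hop first."""
    hops = []
    for raw in msg.get_all("Received", []):
        value = " ".join(str(raw).split())  # unfold continuation lines
        match = HOP_RE.match(value)
        if match:
            hops.append((match.group(1).lower().strip("()[]"),
                         match.group(2).lower().rstrip(";")))
    return hops


def passed_through_gateway(msg: Message, gateways: Set[str] = GATEWAY_HOSTS) -> bool:
    """True if at least one hop was relayed by or from a gateway host."""
    return any(src in gateways or dst in gateways for src, dst in received_hops(msg))


def spam_score(msg: Message) -> Optional[float]:
    """Score the gateway stamped in X-Spam-Score (assumed header name), if any."""
    raw = msg.get("X-Spam-Score")
    if raw is None:
        return None
    try:
        return float(str(raw).strip())
    except ValueError:
        return None


def triage(raw_message: str,
           gateways: Set[str] = GATEWAY_HOSTS,
           threshold: float = QUARANTINE_THRESHOLD) -> List[str]:
    """Return the reasons a delivered message deserves a second look (empty if none)."""
    msg = message_from_string(raw_message)
    findings = []
    if not passed_through_gateway(msg, gateways):
        # Delivered straight to the mailbox server: the MX/gateway was skipped.
        findings.append("bypassed-gateway")
    score = spam_score(msg)
    if score is None:
        # The gateway never scored it, which is consistent with a bypass.
        findings.append("no-spam-score")
    elif score >= threshold:
        # Scored as spam yet still delivered: look for a Permitted Sender override.
        findings.append("allowlist-override")
    return findings


# Constructed sample: relayed through the gateway and scored low, as expected.
VIA_GATEWAY = """\
Received: from mx1.gateway.example (mx1.gateway.example [192.0.2.10])
 by mail.corp.example (Microsoft SMTP Server) with ESMTPS; Mon, 3 Jun 2024 09:14:02 +0000
Received: from sender.example (sender.example [203.0.113.5])
 by mx1.gateway.example with ESMTP; Mon, 3 Jun 2024 09:14:01 +0000
X-Spam-Score: 1.8
From: Accounts <accounts@sender.example>
To: user@corp.example
Subject: Invoice 1042

Please find the invoice attached.
"""

# Constructed sample: handed to the Exchange server directly, never scored.
DIRECT_TO_EXCHANGE = """\
Received: from smtp.unlisted-relay.example ([198.51.100.7])
 by mail.corp.example (Microsoft SMTP Server) with ESMTP; Mon, 3 Jun 2024 09:20:44 +0000
From: IT Support <helpdesk@corp-example.com>
To: user@corp.example
Subject: Password expiry notice

Your password expires today.
"""

if __name__ == "__main__":
    print(triage(VIA_GATEWAY))         # []
    print(triage(DIRECT_TO_EXCHANGE))  # ['bypassed-gateway', 'no-spam-score']
```

Run this over a sample of messages exported from the inboxes rather than from the gateway's own logs: the point is to find what arrived without the gateway's involvement, which the gateway cannot report on itself.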
Different Types of Phishing Attacks
There are many types of Phishing Attacks. The following table describes some of the most common:
| Type | Description |
|---|---|
| Spear Phishing | Targeted at a specific individual or organization. Attackers often use personal information about the target to make the scam more believable. |
| Whaling | Pretending to be a senior leader at an organization and targeting other senior leaders. These scams attempt to trick the target into initiating financial transactions or divulging sensitive information. |
| Cat Phishing | Using a fake online profile to target individuals and persuade them to provide money or information. These types of scams are most common on dating sites. |
| Clone Phishing | Taking a legitimate email and creating an almost identical copy with the links or attachments replaced with malicious versions. The cloned email is sent from an email address spoofed to look like it's from the original sender. |
| Voice Phishing | Tricking the target into calling a number and divulging personal information such as passwords or bank account details. |
| SMS Phishing | Tricking the target into clicking a link or dialing a number sent in a text message. |
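Spear phishing and clone phishing both depend on the sender looking right while the addresses behind it do not line up: a display name that is itself an address on another domain, a Reply-To that diverts answers elsewhere, an envelope sender on a third domain, or a From domain one character away from a trusted one. The following added example (not code from the original article) checks a message for those four alignment signals. The trusted-domain list and both sample messages are constructed assumptions; the checks are triage signals, not verdicts, since mailing lists and bulk senders legitimately use a different Return-Path domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from typing import List, Set

# Domains the organization trusts; a sender domain within a short edit
# distance of one of these is treated as a lookalike (assumed list).
TRUSTED_DOMAINS: Set[str] = {"corp.example", "bank.example"}

# Any address-shaped text inside a display name, capturing its domain.
ADDRESS_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def domain_of(address: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_mismatches(raw_message: str, trusted: Set[str] = TRUSTED_DOMAINS) -> List[str]:
    """Return header-alignment findings for a message (empty list if none)."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    findings = []

    # 1. Display name that itself looks like an address on another domain,
    #    e.g. "accounts@bank.example" <x@other.example>.
    embedded = ADDRESS_IN_TEXT.search(display_name)
    if embedded and embedded.group(1).lower() != from_domain:
        findings.append("display-name-address-mismatch")

    # 2. Replies would go somewhere other than the From domain.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append("reply-to-domain-mismatch")

    # 3. Envelope sender (Return-Path) on a different domain. Legitimate for
    #    mailing lists and bulk senders, so a signal rather than a verdict.
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    if return_path and domain_of(return_path) != from_domain:
        findings.append("return-path-domain-mismatch")

    # 4. From domain is not trusted but is within two edits of a trusted one.
    if from_domain and from_domain not in trusted and any(
            edit_distance(from_domain, t) <= 2 for t in trusted):
        findings.append("lookalike-of-trusted-domain")
    return findings


# Constructed sample: everything aligns with the trusted domain.
CLEAN = """\
From: Payroll Team <payroll@corp.example>
Reply-To: payroll@corp.example
Return-Path: <bounces@corp.example>
To: user@corp.example
Subject: June payslip

Your payslip is available on the intranet.
"""

# Constructed sample of a cloned message: the display name shows the real
# address, while the actual From domain is a zero-for-o lookalike.
SPOOFED_CLONE = """\
From: "payroll@corp.example" <payroll@c0rp.example>
Reply-To: payroll.desk@mailbox.example
Return-Path: <bounce-x91@bulk-relay.example>
To: user@corp.example
Subject: June payslip (updated)

Your updated payslip is attached.
"""

if __name__ == "__main__":
    print(sender_mismatches(CLEAN))          # []
    print(sender_mismatches(SPOOFED_CLONE))  # four findings
```

The edit-distance check is deliberately conservative (two edits, exact trusted list); homoglyph and subdomain tricks need separate handling that this example does not attempt.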
Spyware
Spyware is a type of software designed to secretly gather information about a person or organization. Although some types of spyware have legitimate purposes (e.g. monitoring employee behavior) many are simply malicious.
Because malicious spyware needs to operate undetected, it's disguised as a legitimate file or app to mislead users about its true intent. It can be bundled with legitimate software, or included in fraudulent software and sites.
Once active, spyware can perform a range of malicious activities such as stealing and selling personal information, recording web browsing habits, and displaying unwanted pop-up ads.
Different Types of Spyware
There are many types of Spyware. The following table describes some of the most common:
| Type | Description |
|---|---|
| Adware | Sells data to advertisers and displays unwanted pop-up ads. |
| Password Stealers | Monitors for login and password forms. Collects all the credentials entered by the user or password manager software. |
| System Monitors | Captures everything the victim does on their device. This includes keystrokes, apps used, emails sent and received, and sites visited. |
| Tracking Cookies | Records information about the user's web browsing habits such as searches, downloads, and sites visited. Often used to display more targeted adverts. |
Trojan
A Trojan, sometimes called a Trojan horse, is a type of malware disguised as a legitimate file or app to mislead users about its true intent.
Once installed, Trojans can perform a range of malicious activities, such as giving attackers access to the infected system, stealing personal information, deleting files, or infecting other systems on the network.
Trojans can't run and replicate themselves like viruses or worms. Instead, they rely on tricking users into installing and running malware on their own systems. This often happens as a form of social engineering deception.
Different Types of Trojans
There are many different types of Trojans. The following table describes some of the most common:
| Type | Description |
|---|---|
| Backdoor | Provides attackers with access to the infected system. This enables them to take control of the system and perform a range of malicious activities. |
| Banker | Steals sensitive banking data (e.g. login information and account codes). |
| Distributed Denial of Service | Sends a large number of superfluous requests from infected systems to overload targeted web servers and stop genuine requests from being processed. |
| Fake stimulates | Simulates the activity of anti-virus software and demands money to remove fake and real threats from the system. |
| Mailfinder | Harvests email addresses from the infected system. |
| Ransom | Demands a ransom to undo the damage the malware has done to the system. This can include preventing access to the system or files. |
| Remote Access | Gives attackers full control of the infected system. |
| Rootkit | Hides malware to stop it from being detected on a system. This enables the malware to run for longer periods of time. |
| SMS | Sends and intercepts text messages on the infected mobile device. These messages are sometimes sent to premium numbers. |
Virus
A Virus is a malware program that self-replicates by modifying other programs and inserting its own code. This allows it to spread between programs in a similar way to a biological virus spreading between living cells.
Virus creators use social engineering deceptions and their knowledge of security vulnerabilities to infect systems. Once infected, viruses can be hard to detect because they often use sophisticated stealth strategies.
Although not all viruses are malicious, many are designed to perform harmful activities. This might include things like stealing personal information, acquiring central processing unit time and hard disk space, destroying data, or even disabling systems.
How Viruses Differ from Worms
The main difference is how they're activated. Viruses insert themselves into other programs and lie dormant until the infected program is run. Worms are stand-alone programs that can run independently.
Different Types of Viruses
There are many different types of Viruses. The following table describes some of the most common:
| Type | Description |
|---|---|
| Boot Sector | Infects a system's master boot record and can be very difficult to remove. This type is normally spread using physical media such as USB drives. |
| Browser Hijacker | Hijacks web browsers and redirects web requests to malicious sites. |
| Direct Action | Targets a particular file type, most commonly executables. When the file is run, it attempts to spread to similar files in the directory. |
| Multipartite | Spreads through multiple methods and infects both the boot sector and executable files. This can make it very hard to remove. |
| Network | Spreads through network connections and replicates itself via shared resources. This can quickly degrade network performance. |
| Overwrite | Deletes the contents of any files it infects. This type is usually spread via email and can be hard to detect. |
| Polymorphic | Alters its signature each time it replicates. This makes it one of the most difficult types of virus to detect and remove. |
| Resident | Installs itself on a system. Even if the original infected file is removed, a resident virus can continue to work independently. |
Worm
A Worm is a standalone self-replicating malware program. It's designed to run independently without needing to infect a host program or be activated by a user.
Once inside a system, worms make multiple copies of themselves and exploit security vulnerabilities to infect connected devices. As each copy repeats the self-replication and propagation process, worms can spread rapidly across computer networks causing large-scale disruption in a short space of time.
As well as disrupting networks, Worms can perform a variety of other harmful activities. This can include taking control of infected devices, deleting files, encrypting files as part of a ransomware attack, or stealing personal information.
How Worms Differ from Viruses
The main difference is how they're activated. Worms are stand-alone programs that can run independently. Viruses insert themselves into other programs and lie dormant until the infected program is run.
Different Types of Worms
There are many different types of Worms. The following table describes some of the most common:
| Type | Description |
|---|---|
| Email | Distributed as an email attachment or a clickable link in the email body. This type propagates by sending itself to addresses in the infected device's email address book. |
| File Sharing | Disguised as a media file in a peer-to-peer file-sharing network. It copies itself into a shared folder and waits for another user to download it. |
| Instant Messaging | Distributed as an attachment or a clickable link in an instant messaging app. This type propagates by sending itself to addresses in the infected device's contact list. |
| Internet | Infects a vulnerable online service and then replicates onto devices accessing the service or looks for other remote hosts that could be infected. |
Dropper
A Dropper is a type of Trojan that secretly delivers and runs malware on a victim's system. It's designed to get malware past initial gateway security scanning and then avoid detection when installed. One Dropper can carry a number of unrelated malware executables in a bundle.
Droppers are often delivered by email attachments, malicious URLs, or peer-to-peer file sharing. Other less common sources include visiting infected websites or downloading a legitimate but infected app.
Many Droppers delete themselves once they've completed their initial task and the malware has been installed. However, the most dangerous types are persistent droppers that attach themselves to a hidden file and create registry keys. This means they run each time the system is restarted and can make updates to the installed malware. It can be hard for anti-virus scanners to find and delete the file and all the keys.
Different Types of Droppers
There are two main types of Droppers based on how many stages they run.
| Type | Description |
|---|---|
| Single Stage | These contain embedded malware files that are encoded to make it hard for anti-virus scanners to detect them. They decode once they're dropped. |
| Two-Stage (also known as Downloaders) | These are harder to detect because they don't contain any malware. Instead, they create a backdoor to download malware from the internet onto the system. They may also download and decompress other harmless files to disguise their malicious activity. |
Exploit
An Exploit is a piece of malicious software or code that's designed to take advantage of specific security vulnerabilities in programs, networks, or hardware. These vulnerabilities are the result of mistakes in the software development process.
Attackers hide Exploit kits on popular websites. The compromised site secretly redirects the victim so their operating system and programs can be scanned for vulnerabilities, and the exploit kit capitalizes on any found vulnerabilities.
Exploits can either be standalone or built into malware. Standalone Exploits are typically used to gain administrator privileges or take control of a specific program, whereas malware uses them to hide in a trusted process that contains a vulnerability.
Software companies regularly test for vulnerabilities and provide patches to fix them. However, even if a fix has been released, organizations and users who don't regularly update their software are at risk.
Exploits that are only known to the hackers who discovered them are called zero-day exploits. They're particularly dangerous because they can be used to target large numbers of organizations and users until the software company discovers the vulnerability.
Different Types of Exploits
Exploits are classified by the type of vulnerability they exploit. The following table describes some of the most common:
| Type | Description |
|---|---|
| Buffer Overflow | Writing more data to a memory buffer than it can hold. This is used to either take control of vulnerable software or cause it to malfunction. |
| Cross-Site Scripting (XSS) | Injecting malicious code into a website that runs in the victim's browser rather than on the site. This is often used to steal sensitive personal information directly from the user. |
| Cross-Site Request Forgery (CSRF) | Forcing an authenticated user to submit malicious requests to a web server. This is used to perform unwanted actions on the user's account such as changing their password or transferring funds. |
| Denial-of-Service (DoS) | Overloading web servers with numerous superfluous requests to stop genuine requests from being processed. |
| SQL Injection | Injecting malicious SQL commands into a website's input forms. This is used to steal or alter data within the server database. |
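The SQL Injection and Cross-Site Scripting rows share one root cause: untrusted form input is pasted into a statement or a page and so becomes code instead of staying data. The following added example (not code from the original article) puts the vulnerable form of each beside its hardened form, using an in-memory SQLite table with constructed rows. With the bound parameter and output escaping, the same inputs are looked up or displayed verbatim instead of being executed.

```python
import html
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """In-memory users table filled with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [
        ("alice", "alice@corp.example"),
        ("bob", "bob@corp.example"),
    ])
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """Form input concatenated into the statement: the input becomes part of the SQL."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_parameterized(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """Same lookup with a bound parameter: the input stays data, whatever it contains."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def render_comment_vulnerable(comment: str) -> str:
    """Untrusted text placed straight into HTML: markup in it is interpreted by the browser."""
    return f'<p class="comment">{comment}</p>'


def render_comment_escaped(comment: str) -> str:
    """Same text HTML-escaped on output, so it is displayed rather than interpreted."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # constructed input of the kind a form field could receive
    print(find_user_vulnerable(db, probe))     # every row comes back
    print(find_user_parameterized(db, probe))  # no such username: []
    tag = "<script>alert(1)</script>"
    print(render_comment_vulnerable(tag))      # markup reaches the browser intact
    print(render_comment_escaped(tag))         # &lt;script&gt; is shown as text
```

The fix in both cases is the same design rule: keep the boundary between code and data in the API (bound parameters, escaping at output) rather than trying to filter input for "bad" characters.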
Ransomware
Ransomware is a type of malware designed to extract a sum of money from its victims. Attacks are normally carried out using Trojans disguised as legitimate files that the user is tricked into opening. Sometimes Ransomware can also spread via worms without any user interaction.
Once active, Ransomware typically uses asymmetric encryption to lock access to the victim's files, folders, or drives. Other types of Ransomware may steal and threaten to publish the victim's sensitive files online, or even completely lock them out of their system.
Simple Ransomware can be easy for an expert to reverse, but more advanced encryption-based attacks can be very difficult to reverse. This means many victims have to pay the ransom to receive the decryption key. Digital currencies like Bitcoin are often used, making it hard to trace and prosecute the attacker.
Some victims may never recover their files or access their systems, even if they pay the ransom. It's in the attacker's best interest to reverse the damage, however, as failure to do so may stop future victims from paying.
Different Types of Ransomware
There are many types of Ransomware. The following table describes some of the most common:
| Type | Description |
|---|---|
| Crypto | Encrypts the victim's files, folders, or drives and asks for a ransom to decrypt them. |
| Doxware | Threatens to publish stolen personal information online unless the ransom is paid. |
| Locker | Locks the victim out of their own system until the ransom is paid. |
| Scareware | Tricks the victim into downloading more malicious software or paying to fix a threat, such as a virus, that doesn't exist. |
Spam
Spam email is unsolicited and unwanted junk email sent out in bulk to an indiscriminate recipient list.
Spam is also a medium for fraudsters to scam users into entering personal information on fake websites using emails forged to look like they are from banks or other organizations, such as PayPal.
| Type | Description |
|---|---|
| Image Spam | Image Spam is an obfuscation method by which the text of the message is stored as a GIF or JPEG image and displayed in the email. |
| Blank Spam | Blank Spam is spam lacking a payload advertisement. Often the message body is missing altogether, as well as the subject line. Still, it fits the definition of spam because of its nature as bulk and unsolicited email. |
| Backscatter Spam | Backscatter is a side-effect of email spam, viruses, and worms. It happens when email servers are misconfigured to send a bogus bounce message to the envelope sender when rejecting or quarantining email (rather than simply rejecting the attempt to send the message). |