The State of Hacked Accounts


October 2011

Overview

The use of compromised (e.g. stolen credentials or hacked) accounts to send spam and scams has increased throughout 2011 to become a growing percentage of the unwanted email that is being sent by spammers. Commtouch tracks spam, malware and Internet threats through the billions of Internet transactions it sees daily in its cloud-based GlobalView Network. Earlier this year, Commtouch Labs identified the trend of the increasing use of compromised accounts to send spam and malicious email messages; as a complement to the data gleaned from Commtouch's bird's-eye view of global email traffic, the following end-user research was compiled in order to explore issues related to the theft, usage and recovery of these compromised accounts. This document reviews the survey and its results, shares some data from the GlobalView Network, and includes tips for users to prevent their accounts from being hacked or compromised.

Introduction

THE CHANGING SPAM LANDSCAPE

In March 2011, the Rustock botnet, which was responsible for over 30% of global spam, was taken down by a Microsoft-led consortium. In the past, botnet takedowns have resulted in temporary drops in spam levels followed by sustained increases, as spammers created new botnets and resumed their mass mailings. The months following the takedown have not exhibited this pattern, however, with spam levels dropping to their lowest levels in several years. This sustained drop indicates that spammers are rethinking the use of large botnets for spam and scam emails as these become less profitable. There are two main reasons for the drop in profitability:

1) Botnets can be taken down (and other high-profile botnets aside from Rustock have been), instantly destroying vast amounts of spam-sending infrastructure.

2) IP reputation based anti-spam has become very effective at blocking spam originating from botnets, with typical success rates of 85-95% even before looking at other factors that bring detection rates into the high 90th percentile.

The first issue can be partially sidestepped by running many small botnets. This does not, however, resolve the second issue: how to bypass IP reputation systems.

SPAMMERS SWITCH TACTICS

In order to bypass the issues with sending spam from botnets, spammers are increasingly moving their traffic from botnets to compromised email accounts wherever possible. The blocking of spam from compromised accounts is more difficult for many anti-spam technologies, since these accounts exist within whitelisted IP address ranges (such as Hotmail or Gmail), thereby neutralizing the effect of any solution based on IP address blocking (aka IP Reputation). Naturally, spammers can set up their own accounts rather than compromising others, but email providers obstruct this phenomenon to the best of their ability. The other advantage of a compromised account is that recipients are often more trusting of the information since it comes from a known source. Compromised accounts do, however, present two main disadvantages for spammers:

1) They can only be used for relatively small spam runs of a few hundred or thousand messages without being detected by the provider. This does partially account for the reduced spam levels.

2) The accounts need to be compromised/hacked/stolen first.

The new spammer tactic therefore favors compromised accounts delivering smaller volumes of spam with a better delivery rate.

INCREASED USE OF COMPROMISED ACCOUNTS

The increased preference for compromised accounts is illustrated by the graph below, which compares the percentage of spam received over sample periods in Q2 and Q3 2011 where the "from" field includes Gmail or Hotmail. Based on the IP address, received spam could either be:

- Sent from a zombie with a phony Gmail or Hotmail address in the "from" field
- Or, sent from a compromised or spammer account at Gmail or Hotmail

The collected data shows compromised accounts growing in Q3 for both Hotmail and Gmail. Between 28-35% of the spam purportedly from Hotmail comes from real Hotmail accounts that have been compromised or set up by spammers. Gmail spam, on the other hand, is mostly (96-97%) from zombies that simply forge Gmail addresses.

[Figure: Q2 and Q3 2011 analysis of spam from Gmail and Hotmail. Source: Commtouch.]
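The sorting behind that graph, as an added example and not code from the Commtouch report: each spam message's From: domain is compared with the IP address that delivered it, so a provider-branded address arriving from outside the provider's network is counted as a zombie forgery, and one arriving from inside it as a real (compromised or spammer-created) account. The provider domain webmail.example, its address ranges and the sample messages are constructed placeholders; a real deployment would load the provider's published outbound ranges instead.

```python
import ipaddress
from collections import Counter
from email.utils import parseaddr

# Hypothetical provider with constructed outbound ranges (RFC 5737 test
# networks); a real deployment would load the provider's published ranges.
PROVIDER_RANGES = {
    "webmail.example": [ipaddress.ip_network("203.0.113.0/24"),
                        ipaddress.ip_network("198.51.100.0/25")],
}

FORGED = "forged-by-zombie"     # From: forged on a botnet machine
PROVIDER = "sent-via-provider"  # real account: compromised or spammer-created
UNKNOWN = "other-domain"        # not branded as this provider at all

def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From: header."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else None

def classify(from_header, connecting_ip):
    """Compare the From: domain with the delivering IP, as the report does
    to separate forged Gmail/Hotmail spam from real provider accounts."""
    domain = sender_domain(from_header)
    if domain not in PROVIDER_RANGES:
        return UNKNOWN
    ip = ipaddress.ip_address(connecting_ip)
    return PROVIDER if any(ip in net for net in PROVIDER_RANGES[domain]) else FORGED

def breakdown(messages):
    """Percentage split of provider-branded spam between real accounts
    and forged From: addresses on zombies (the report's Q2/Q3 bars)."""
    counts = Counter(classify(f, ip) for f, ip in messages)
    branded = counts[PROVIDER] + counts[FORGED]
    if branded == 0:
        return {PROVIDER: 0.0, FORGED: 0.0}
    return {k: round(100.0 * counts[k] / branded, 1) for k in (PROVIDER, FORGED)}

# Constructed sample: (From: header, connecting IP) for seven spam messages.
SAMPLE = [
    ("Alice <alice@webmail.example>", "203.0.113.17"),   # inside provider
    ("bob@webmail.example", "198.51.100.9"),             # inside provider
    ("carol@webmail.example", "192.0.2.44"),             # zombie, forged From:
    ("dave@webmail.example", "192.0.2.45"),              # zombie, forged From:
    ("erin@webmail.example", "192.0.2.46"),              # zombie, forged From:
    ("Deals <promo@shop.example>", "192.0.2.48"),        # not provider-branded
    ("grace@webmail.example", "203.0.113.200"),          # inside provider
]

if __name__ == "__main__":
    print(breakdown(SAMPLE))  # {'sent-via-provider': 50.0, 'forged-by-zombie': 50.0}
```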

Surveying compromised accounts

The increased use of compromised accounts raises several questions:

- What accounts are targeted?
- How are the accounts compromised?
- Are the accounts used for other purposes besides spam and scams?
- How do users figure out that their account is compromised?
- How do users regain control of their accounts?

To better understand these issues, during September and October 2011 Commtouch initiated a public survey of email users who have had their accounts hacked or credentials stolen. The survey was publicized on LinkedIn, Twitter, Facebook, and the Commtouch Blog.

WHICH ACCOUNTS WERE TARGETED

Participants were asked which of their account(s) were compromised. Each of the large Webmail providers (Gmail, Yahoo, Hotmail and Facebook) attracted in the range of 15 to 27% of the attention from cybercriminals. This demonstrates that the value of a compromised account is in the clean IP address, rather than the specific domain of the address. From this point of view, all accounts have a similar value since each is from a well-known domain. Among those who responded "other" were users of AOL, Comcast and several other providers.

HOW WAS THE ACCOUNT COMPROMISED

The majority of survey respondents (62%) were not sure how their account was compromised, indicating that many people typically engage in risky online behavior without realizing it. It is not always easy to figure out how an account gets compromised, and retracing steps doesn't always help. None of the respondents believed they had been phished or had been victims of a drive-by download (by following a phony link). It is quite likely that many of the victims simply used easy-to-guess passwords. 15% recalled having used a public Internet terminal or public WiFi prior to the hack.

WHAT WAS DONE WITH THE STOLEN ACCOUNTS

The value of a stolen account is twofold: it provides a clean IP address, and in addition there is an element of trust that comes with a message since it is (in most cases) received from a friend or acquaintance. It is not surprising that most compromised accounts (54%) are therefore used to send out spam. The second most common type, at 12%, is the "friend stuck overseas" scam that blatantly exploits the trust element. Examples of both of these types are provided here. Of the 23% of respondents that did not know how their compromised account had been abused, it may be assumed that these were used for a mix of spam and scams.

HOW WERE THE ACCOUNT OWNERS MADE AWARE OF THE COMPROMISE

In 54% of the cases, the compromised account owners learned of the breach from their friends; it seems no one is as good at pointing out people's errors as their own friends (who also receive the spam and overseas scams). Users probably assume that Gmail, Yahoo, Hotmail and Facebook are keeping an eye out for hacks and other bad stuff. Alternatively, some users might think that they will notice strange activity in their account as soon as it happens. The results, though, indicate that "received an official email" (15%) and "I noticed it myself" (31%) are both far behind the rapid alert service known as good friends.

WHAT ACTION DID ACCOUNT OWNERS TAKE TO RECOVER THEIR ACCOUNTS

The modern equivalent of changing the locks seems to be key to regaining control of an email account. Most users (42%) seemed to solve the issue with just a password change, and some of these added in an antivirus scan for good measure (an additional 23%). A surprising 23% of respondents did not do anything to remediate their account, and believed this was a one-off event. Some of those who responded "other" had broached the issue with their email provider.

Preventing compromised accounts

As shown in the survey data, most users could not pinpoint the origin of the compromise. The following hints would probably have prevented many of the stolen accounts that were surveyed:

- Use passwords that are difficult to guess: no keyboard sequences (qwerty, 1234qwer, etc.), no birthdates, no common names. Mix numbers and capital letters.
- Use different passwords for different sites. If your Gmail is compromised then at least your Facebook or other accounts will be secure.
- Consider using a password manager that stores all your passwords, generates new ones, and syncs them between your different PCs, laptops, and tablets. Keep your master password complex and safe. We recommend thinking of a sentence that you will easily remember, then taking the first letter of each word and substituting numerals for certain letters. For example, if your easily remembered sentence is "roses are my wife Dierdre's favorite flowers", your password would start out as "ramwdff"; then you could switch certain letters with numbers, such as 4 for the letter A, 3 for the letter E, and so forth. This generates a random string that will be very difficult for anyone to guess, but fairly easy for you to remember.
- Think carefully before using a public Internet terminal; consider whether you really need to use these at all. If you do use one, then remember to uncheck the "remember me" box when you log into your email or Facebook. Also don't forget to log out and close the browser window when you are finished.
- Don't open email attachments or click on links in emails you weren't expecting, like UPS delivery notices, invoices from online stores, hotel bill corrections, credit card error letters, etc. Treat all unexpected attachments as malware even if they appear to be only PDF, or Word, or Excel. There are common ways for a malware distributor to hide an executable virus inside what appears to be a PDF or Word document.
- Don't follow links in Facebook that accompany some hysterical or generic text such as "check this out!!!!!" or "Thought you might like this!!". Avoid Facebook links that promise some current event scoop such as "Amy Winehouse pictures!" or "Osama bin Laden death video!". To date, there is no Facebook application that allows you to see who has been viewing your page; never follow any link that promises this functionality.
- Never respond to a request for your password, no matter how official or urgent the email looks.
- If your email provider offers single-use passwords (for example, as Gmail does), implement it. In the case of Gmail, you can either download an application to your mobile phone that generates a single-use password (a string of random numbers that changes every few seconds), or Google will SMS your phone with the password. In this way, if someone is determined to hack into your account, they will need to have access to your mobile phone as well.
- Finally, be sure to set up a secondary email or phone contact for your Webmail accounts; this can be used to help you recover a compromised account.

Conclusions

Legitimate user Webmail and Facebook accounts are a valuable prize for spammers and scammers. The use of these for spam and scams is expected to increase, and users should therefore take basic precautions when they access these in public domains, as well as observing sound password management.

About Commtouch

Commtouch (NASDAQ: CTCH) safeguards the world's leading security companies and service providers with cloud-based Internet security services. A cloud-security pioneer, Commtouch's real-time threat intelligence from its GlobalView Network powers Web security, messaging security and antivirus solutions, protecting thousands of organizations and hundreds of millions of users worldwide.

Visit us: Email us: info@commtouch.com Call us: 650 864 2000 (US) or +972 9 863 6888 (International)

Copyright 2011 Commtouch Software Ltd. Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch is a registered trademark, of Commtouch Software Ltd. U.S. Patent No. 6,330,590 is owned by Commtouch.