Sign up for our newsletter
Technology / Cybersecurity

‘Threat level 10’ phishing scam hits UK citizens as ransomware hits industrial scale

A widely reported email scam has been linked to a ransomware attack with a ‘threat level 10’ by a cyber security expert.

The danger was discovered by Andrew Brandt, Director of Threat Research at Blue Coat, who tested a recent spam email in a test-bed and found that it linked to a malware called Maktub.

The targeted phishing email that contained the link to Maktub emerged this week. It told consumers that they owed large sums of money to companies and gave them a link at which they were told they could print an invoice.

Maktub would then encrypt all data on the hard drive, demanding a ransom to be paid in Bitcoins that would increase the longer it took the victim to pay it.

White papers from our partners

The phishing campaign was extremely targeted, with victims’ postal addresses featuring in the email to give the illusion of authenticity.

Kevin Epstein, VP, Threat Operations Center at Proofpoint, highlighted this use of personal information as a key technique in the phishing world.

"The rule of thumb for phishing emails is that the more personalized they are, the more effective they will be. Personalization, though, is expensive, both in terms of the necessary research and preparation of highly targeted malicious emails.

"The tradeoff between efficacy and cost has historically been a constraint on attackers — one that was assumed to be largely inviolate, much like flying faster than the speed of sound was long considered impossible."

Worryingly, Epstein suggests that the attackers may now have found a way around the constraint, or "broken the sound barrier."

Proofpoint discovered another campaign in the same week which targeted over a third of a million executives.

Meanwhile, Adobe issued an emergency update to its Flash software for internet browsers after a security vulnerability was discovered that could be exploited to deliver ransomware to PCs.

The bug could be exploited when users visited tainted websites.
This article is from the CBROnline archive: some formatting and images may not be present.