
IBM: Targeted Spam Malware Sticks To Working Hours

Spammers may use automated delivery techniques, but manual work is also involved in fine-tuning their methods, all the better to trick users into opening their malicious attachments, according to a new study.

IBM’s X-Force security research lab said spam remains a primary means of delivering malware, with 44 percent of the junk emails analysed over a six-month period containing attack code.

Targeted timing

Ransomware overwhelmingly dominated, making up 85 percent of malicious junk messages. Spam volumes have increased by a factor of four over the past year.

Malware is increasingly targeted at particular individuals and organisations, and IBM found spam delivery times are targeted as well, with volumes rising at the beginning of the day on European time (5 a.m. GMT). A big drop came at the end of the day, European time (8 p.m. GMT), and another at the end of the day on the US west coast (7 p.m. PST, or 1 a.m. GMT).

Junk email levels were highest during the day, too, with 83 percent sent on weekdays. The busiest day was Tuesday, followed by Wednesday and Thursday.
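The timing figures above come from X-Force's own telemetry, but the same profile (malicious-mail volume by GMT hour and by weekday) can be computed from any mail gateway log that records an arrival timestamp and a verdict. The script below is an added example, not IBM's tooling; it assumes a constructed, simplified log format of `<ISO-8601 timestamp with UTC offset> <sender> <verdict>`, normalises every timestamp to GMT before bucketing (the step that matters when a gateway logs in local time), and reports the hour histogram, the weekday share and the busiest weekday.

```python
"""Profile malicious-mail arrivals by GMT hour and weekday.

Added example for this article, not IBM X-Force code. Log format is a
constructed one for illustration: timestamp (with offset), sender, verdict.
"""
from collections import Counter
from datetime import datetime, timezone
from typing import Iterable, List

# Constructed sample lines (not real gateway output). Offsets are mixed on
# purpose so the GMT normalisation is exercised.
SAMPLE_LOG = """\
2017-06-06T06:10:00+01:00 bill@example.net malware
2017-06-06T06:12:30+01:00 news@example.org clean
2017-06-06T09:45:00+01:00 invoice@example.net malware
2017-06-07T05:05:00+00:00 acct@example.com malware
2017-06-08T21:30:00+02:00 payroll@example.net malware
2017-06-10T11:00:00+00:00 promo@example.org clean
2017-06-11T14:20:00-07:00 docs@example.net malware
""".strip().splitlines()


def parse_line(line: str):
    """Split one log line and convert its offset-aware timestamp to UTC."""
    ts_raw, sender, verdict = line.split()
    ts = datetime.fromisoformat(ts_raw)  # keeps the +HH:MM offset
    return ts.astimezone(timezone.utc), sender, verdict


def malicious_arrivals(lines: Iterable[str]) -> List[datetime]:
    """UTC arrival times of messages the gateway flagged as malware."""
    return [ts for ts, _, verdict in map(parse_line, lines) if verdict == "malware"]


def hour_profile(times: Iterable[datetime]) -> Counter:
    """Count of malicious arrivals per GMT hour (0-23)."""
    return Counter(ts.hour for ts in times)


def weekday_share(times: List[datetime]) -> float:
    """Percentage of malicious arrivals that landed Monday to Friday (GMT)."""
    if not times:
        return 0.0
    weekday = sum(1 for ts in times if ts.weekday() < 5)
    return round(100.0 * weekday / len(times), 1)


def busiest_weekday(times: Iterable[datetime]) -> str:
    """Name of the GMT weekday with the most malicious arrivals."""
    counts = Counter(ts.strftime("%A") for ts in times)
    return counts.most_common(1)[0][0] if counts else ""


if __name__ == "__main__":
    arrivals = malicious_arrivals(SAMPLE_LOG)
    print("malicious messages:", len(arrivals))
    for hour, n in sorted(hour_profile(arrivals).items()):
        print(f"  {hour:02d}:00 GMT  {'#' * n}")
    print("weekday share: %.1f%%" % weekday_share(arrivals))
    print("busiest weekday:", busiest_weekday(arrivals))
```

Run against a real export, the hour histogram is what you would compare with the 5 a.m. GMT rise and 8 p.m. GMT drop the article reports; a profile that does not track office hours at all is usually a sign the gateway timestamps were never normalised to a single zone.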

Most spam originated from India, followed by South America and China, but IBM said spammers might outsource their deliveries to IP addresses in those countries.

Most spam is delivered by botnets, made up of internet-connected computers whose users aren’t aware they’ve been hijacked, so the actual systems involved could be located anywhere and controlled by someone in another country.

Hand-tailored techniques

The spread of delivery times is a way of targeting users when they’re likely to be in the office, since many malicious attachments are aimed at stealing data from organisations such as businesses and governments, IBM said.

“These gangs make sure to spam employees in very pointed bouts of malicious mail, during those times in which potential new victims are more likely to open incoming email,” X-Force said in an advisory.

IBM’s analysis found that in spite of the large-scale automation involved, attackers also put hands-on work into helping their attachments slip past spam filters.

For instance, malware sent through the large Necurs botnet has changed delivery tactics frequently in the past few months, moving from infected Microsoft Office documents to PDF files embedded with a malicious Office document, to malicious .WSF files and then fake DocuSign attachments.


Malware ‘cash laundromat’

“Malware is more sophisticated than ever, and its delivery methods are not falling short,” IBM said in the advisory. “Spammers and spam botnets launch millions of malicious messages every day, hoping to get through to potential victims, infect new endpoints, invade another organisation and keep rolling the cash laundromat that drives cybercrime.”

Researchers have pointed to a significant shift in malware delivery that occurred this year with the release of exploits such as EternalBlue, allegedly developed by the NSA and leaked by the Shadow Brokers hacker group in April.

EternalBlue, which directly targets vulnerable SMB software found in Microsoft Windows and as such doesn’t require a user to open an infected attachment, was used in May to spread the WannaCry ransomware and the following month the NotPetya malware.


Matthew Broersma

Matt Broersma is a long-standing tech freelancer who has worked for Ziff-Davis, ZDNet and other leading publications.
