The quarterly reports issued by security firms show that the number of malicious emails keeps increasing from one period to the other. Numbers aren’t the only problem, since spam campaigns have also been improved to be able to bypass security systems.
FireEye experts have analyzed the trends and they determined that many of the new spam emails are able to avoid being blocked by signature- and reputation-based defense mechanisms. Furthermore, they have identified an interesting trend in the words that are being utilized in the names of malicious files.
According to the report called “Top Words Used in Spear Phishing Attacks to Successfully Compromise Enterprise Networks and Steal Data,” in the second half of 2011, the most common word used in such cybercriminal campaigns was “label.”
In the first half of 2012, “label” dropped to the 6th position. Currently, the most commonly utilized words in spear phishing attacks are “dhl” and “notification.”
Each of these words appears in almost a quarter (23.42%, respectively 23.37%) of all the malicious attachments that land in internauts’ inboxes.
Other words that stand out of the bunch are “delivery”, “express”, “2012”, “shipment”, “ups”, “international”, “parcel”, “post”, “confirmation”, “alert”, “usps”, “report”, “jan2012”, “april”, “idnotification”, “ticket” and “shipping.”
This clearly shows that most of the malicious files that come via spam emails are somehow related to shipping. While this may not seem new, the figures from the report reveal that names related to this topic have grown from 19.20% to 26.35%.
Another growth has been recorded in the number of files referencing words associated with “urgency.” Compared to the last six months of 2011, this year, over 10% of attachments attempted to induce a sense of urgency.
Other topics, besides “postal” and “urgency,” were banking and taxes, airline notifications and billing.
The complete FireEye report is available here