the cybercrime economics of malicious macros

The Cybercrime Economics Of Malicious Macros Phishing campaigns using document attachments increased 1,500% in the year to April 2015. 1,500% Campaigns cost between $0 to $1,000 so every attack can be massively profitable. $1,000 www.proofpoint.com Attackers continually add and modify file formats to evade detection: not just standard Microsoft office formats, but also CHM and MIME-formatted DOC files. Download the complimentary report to learn more about how cybercriminals are driving today’s massive targeted attack campaigns that trick end-users into clicking. The Economics Behind The Return Of Malicious Macros 50% The cost of a macro spam campaign can be 50% (or less) than the cost of traditional URL-based campaigns. The attackers’ own tools show that 75% of downloaded malware is successfully installed on victims’ computers. 75% Do you ever blindly click on a yellow bar or a pop-up when you open a file? What if that means you’re giving a hacker control? Malicious macros exploit human behavior to breach your system and the worst part is that they’re cheap. The economics of malicious macros make this threat even greater as the cost is so low, hackers have to invest next to nothing to launch targeted attacks. It’s no accident that the biggest campaigns of the year, including Dridex and Dyre, have used malicious macros. “Malicious macros do not exploit vulnerabilities that can be patched: the willingness of the recipient to click is the vulnerability.” E N A B L E C O N T E N T www.proofpoint.com/MaliciousMacros

Upload: proofpoint

Post on 15-Jan-2017

4.080 views

Category:

Technology

1 download

Report

Download

Embed Size (px):

TRANSCRIPT

The Cybercrime EconomicsOf Malicious Macros

Phishing campaigns using document attachments increased 1,500% in the year to April 2015.

1,500%

Campaigns cost between $0 to $1,000 so every attack can be massively profitable.

$1,000

www.proofpoint.com

Attackers continually add and modify file formats to evade detection: not just standard Microsoft office formats, but also CHM and MIME-formatted DOC files.

Download the complimentary report to learn more about how cybercriminals are driving today’s massive targeted attack campaigns that trick end-users into clicking.

The EconomicsBehind The ReturnOf Malicious Macros50%

The cost of a macro spam campaign can be 50% (or less) than the cost of traditional URL-based campaigns.

The attackers’ own tools show that 75% of downloaded malware is successfully installed on victims’ computers.

75%

Do you ever blindly click on a yellow bar or a pop-up when you open a file? What if that means you’re giving a hacker control?Malicious macros exploit human behavior to breach your system and the worst part is that they’re cheap.The economics of malicious macros make this threat even greater as the cost is so low, hackers have to invest next to nothing to launch targeted attacks. It’s no accident that the biggest campaigns of the year, including Dridex and Dyre, have used malicious macros.

“Malicious macros do not exploit vulnerabilities that can be patched: the willingness of the recipient to click is the vulnerability.”

ENAB

LE CONTENT

www.proofpoint.com/MaliciousMacros

https://www.proofpoint.com/MaliciousMacros

CMSC 426 Principles of Computer Security · All materials copyright UMBC, Dr. Katherine Gibson, and RJ Joyce unless otherwise noted 10 First-Stage Example: Malicious Macros Files

Cybercrime 3

malicious campaigns of year 2013 .RU landscape - … of Cybercrime: malicious campaigns of year 2013.RU landscape Fyodor Yarochkin Vladimir Kropotov Chetvertakov Vitaliy Hack.lu 2013

The Trouble with Phishing...The most common malicious attachments are Word (or any Microsoft Office) document files. In this case, the attachments contain code called macros. Malicious

Investigating Cybercrime

International Telecommunication Union Cybercrime ...€¦ · International Telecommunication Union Cybercrime Legislation Resources ITU TOOLKIT FOR CYBERCRIME LEGISLATION ... This

0700 Working With Macros - Macros