Insights from CYREN's Q2 2014 Internet Threats Trend Report

Monday, June 6, 2022 © 2014 CYREN Confidential and Proprietary INSIGHTS FROM CYREN'S NEW Q2 TREND REPORT



Transcript of Insights from CYREN's Q2 2014 Internet Threats Trend Report

Page 1: Insights from CYREN's Q2 2014 Internet Threats Trend Report

April 8, 2023 © 2014 CYREN Confidential and Proprietary

INSIGHTS FROM CYREN'S NEW Q2 TREND REPORT

Page 2: Insights from CYREN's Q2 2014 Internet Threats Trend Report


IN TODAY’S WEBINAR

Android ransomware and banking malware

The rise and fall (and rise) of Zbot

PDFs and Docs – real and unreal

Worldwide, World Cup phishing

Stock scams with Oakmont Stratton

Page 3: Insights from CYREN's Q2 2014 Internet Threats Trend Report


ANDROID MALWARE TRENDS

Page 4: Insights from CYREN's Q2 2014 Internet Threats Trend Report


PC RANSOMWARE

Page 5: Insights from CYREN's Q2 2014 Internet Threats Trend Report


POLL – RANSOMWARE HONESTY

Do you know someone who paid the ransom? Did they get their files back?

They paid and got their files back

They paid and lost their files

They refused to pay and lost their files

They refused to pay and managed to regain access to their PC

Happily I don’t know anyone who has been infected

Page 6: Insights from CYREN's Q2 2014 Internet Threats Trend Report


ANDROID RANSOMWARE ARRIVES

May – “ransomware” – but no encryption

June – ransomware with encryption

AndroidOS/Simplocker.A.gen!Eldorado.

Page 7: Insights from CYREN's Q2 2014 Internet Threats Trend Report


ANDROID RANSOMWARE ARRIVES

Before and after encryption

Scans SD card and encrypts files like .jpg, .png, .doc amongst others

Page 8: Insights from CYREN's Q2 2014 Internet Threats Trend Report


ANDROID IBANKING MALWARE

SMS/spyware – collects text messages, phone calls, recorded audio

Works in tandem with PC-based malware

Intercepts SMS codes sent by banks

Android OS/Agent.HJ

Page 9: Insights from CYREN's Q2 2014 Internet Threats Trend Report


UNKNOWN SOURCES?

Page 10: Insights from CYREN's Q2 2014 Internet Threats Trend Report


NO MALWARE DETECTED

“Virus Shield”, priced at $3.99 in the Google Play store

30,000 copies in April

Does nothing

Page 11: Insights from CYREN's Q2 2014 Internet Threats Trend Report


POLL: YOUR MOBILE APPS

Where do you download apps?

Android: The Google Play Store

Android: Anywhere I can find apps

iOS: Only the iTunes Store

iOS: Jailbroken device – anywhere I can find apps

Page 12: Insights from CYREN's Q2 2014 Internet Threats Trend Report


MALWARE TRENDS

Page 13: Insights from CYREN's Q2 2014 Internet Threats Trend Report


A QUICK ZBOT HISTORY

Zeus Trojan (PC) discovered ~2007

Generally steals credentials - banks, email, social media

Keyloggers, screenshots

Sold as botnet creation kit

Zeus botnet, other botnets

Distributed command and control

Millions of victims

2012 – Microsoft takedown of SpyEye

Gameover Zbot

Peer to peer encrypted botnet

June 2014 – Operation Tovar disrupted botnet

July – new variants emerging…

Page 14: Insights from CYREN's Q2 2014 Internet Threats Trend Report


ONE OF THE LAST ZBOT EMAILS

Attachment: Eonenergy-Bill-29052014.scr displays a PDF icon

W32/Zbot.BXN
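
Added example (not from the CYREN deck): a mail-gateway style check that ignores the icon and judges an attachment by its extension and leading bytes. The function name, extension list and sample bytes are assumptions constructed for illustration; only the filename Eonenergy-Bill-29052014.scr comes from the slide.

```python
import os

# Extensions Windows runs directly; a .scr screensaver is an ordinary PE executable.
# Illustrative list, not exhaustive.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}

# Leading bytes expected for the document types these slides mention.
# The check is strict: the signature must sit at offset 0.
DOC_MAGIC = {
    ".pdf": (b"%PDF-",),
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),  # OLE2 compound file
}


def triage_attachment(filename, head):
    """Return the reasons to block an attachment; an empty list means no flag.

    filename: attachment name as it appears in the message
    head:     first bytes of the decoded attachment
    """
    reasons = []
    # Windows drops trailing dots and spaces when the file is saved,
    # so "bill.scr." still ends up as a .scr on disk.
    ext = os.path.splitext(filename.lower().rstrip(". "))[1]
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable extension " + ext)
    # The icon lives inside the file and is chosen by the sender;
    # the MZ header is what the loader actually looks at.
    if head[:2] == b"MZ":
        reasons.append("PE/MZ header")
    expected = DOC_MAGIC.get(ext)
    if expected and not head.startswith(expected):
        reasons.append("content does not match " + ext)
    return reasons


# Constructed sample inputs: (filename, first bytes of the file).
SAMPLES = [
    ("Eonenergy-Bill-29052014.scr", b"MZ\x90\x00\x03\x00"),
    ("invoice.pdf", b"%PDF-1.4\n"),
    ("statement.pdf", b"MZ\x90\x00\x03\x00"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, "->", triage_attachment(name, head) or "no flag")
```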

Page 15: Insights from CYREN's Q2 2014 Internet Threats Trend Report


ANOTHER ZBOT SENT USING DROPBOX

Page 16: Insights from CYREN's Q2 2014 Internet Threats Trend Report


ACTUAL PDFS CAN ALSO BE PROBLEMATIC

Securedoc.pdf from BoA

Versions of reader attacked: 9.3x – 9.5x, 10.1x, 11, 11.001 (The current version is 11.0.07)

Page 17: Insights from CYREN's Q2 2014 Internet Threats Trend Report


WORD DOCS TO AVOID

traking_doc_MW421330771CA.doc

aircanada_eticket_[random_number].doc

efax__[random_number].doc

file-_[random_number]_doc

President Obama’s Speech.doc

Page 18: Insights from CYREN's Q2 2014 Internet Threats Trend Report


SECURITY EDUCATION POLL

Do you think people are aware that a PDF or Doc file could be harmful?

Yes

No

Page 19: Insights from CYREN's Q2 2014 Internet Threats Trend Report


PHISHING TRENDS

Page 20: Insights from CYREN's Q2 2014 Internet Threats Trend Report


WORLD CUP PHISHING

Chance to win “World-Cup” related prizes

Cielo – biggest credit card provider in Brazil

Page 21: Insights from CYREN's Q2 2014 Internet Threats Trend Report


GLOBAL BANK PHISHING

Global brands: American Express, Bank of America, or Barclays

Country-specific: Natwest (Britain), Danske Bank (Denmark), Swedbank and SEB (Sweden), Bank of India (India), Credem (Italy), Hypovereinsbank (Germany)

Page 22: Insights from CYREN's Q2 2014 Internet Threats Trend Report


SPAM TRENDS

Page 23: Insights from CYREN's Q2 2014 Internet Threats Trend Report


SPAM LEVELS

Spam levels continue to drop

June average is lowest in 5 years!

Q2 Average: 55 Billion

June Average: 49 Billion

Page 24: Insights from CYREN's Q2 2014 Internet Threats Trend Report


Q2 SPAM TOPICS

Pharmacy Products: 43%

Job Offer: 22%

Stock: 16%

Diet: 8%

Other: 4%

Online Casino: 3%

Phishing: 2%

Malware: 1%

Page 25: Insights from CYREN's Q2 2014 Internet Threats Trend Report


PUMP AND DUMP - RCHA

Buy: 417,000 @ 0.19

Sell: Many more @ 0.36

Profit ~$63,000

Page 26: Insights from CYREN's Q2 2014 Internet Threats Trend Report


Q2 SPAM COUNTRIES, SPAM ZOMBIES

Argentina 8%

Spain 8%

Vietnam 7%

United States 6%

Germany 5%

Italy 5%

Iran 4%

Brazil 4%

Colombia 4%

Mexico 3%

Others 46%

Page 27: Insights from CYREN's Q2 2014 Internet Threats Trend Report


SAVING HOSTING COSTS…

Google Docs phishing email

Google logo at the top stored on a legitimate Internet security blog called http://www.onlinethreatalerts.com/

Page 28: Insights from CYREN's Q2 2014 Internet Threats Trend Report


GLOBALVIEW

Page 29: Insights from CYREN's Q2 2014 Internet Threats Trend Report


GLOBALVIEW CLOUD AND PRODUCT FAMILIES

WEB: CYREN WebSecurity, URL-Filtering

ANTIMALWARE: MobileSecurity, AntiVirus

EMAIL: CYREN EmailSecurity, Email Messaging Suite, AntiSpam, Outbound AntiSpam, IP Reputation, AntiVirus for Email

GlobalView™ Cloud

Page 30: Insights from CYREN's Q2 2014 Internet Threats Trend Report


We focus on our core competencies so our partners can focus on theirs.

Technical Account Managers

Partner Success Program

COMMITTED TO PARTNER SUCCESS

WHAT MAKES US DIFFERENT


Page 31: Insights from CYREN's Q2 2014 Internet Threats Trend Report


ANY QUESTIONS?