Cloudmark has observed online attackers using new, advanced threat techniques that combine attributes of spam, phishing and malware into a single attack, which is then distributed across a variety of mediums.
These converged threats look for coverage gaps in traditional security solutions that are designed for a specific type of attack, such as a spam or virus outbreak over a specific medium like email. However, because these new, mash-up type of attacks blend elements of spam, phishing or viruses into a single attack that is unleashed simultaneously across email, mobile, web and social networks, they evade traditional security solutions, Cloudmark stated.
In order to combat today’s threats, Cloudmark is strongly advising service providers to look for security platforms that are threat agnostic and able to automatically identify and stop attacks across multiple platforms.
As part of Cloudmark’s continual analysis of global threats, it has identified several examples of these converged attacks: smishing, a recent trend in mobile phishing attacks that usually involves the use of VoIP phone number accounts obtained through email phishing attacks as the call to action; modern email viruses, where the majority of recent email virus threats no longer distribute viruses as an attachment, but rather host the virus on a website and distribute emails that link to the site; and the crush attack, a recent attack distributed through SMS messaging, email and social network communication, enticing users to login to a webpage and unknowingly opt in for a premium rate SMS service through their mobile operator.