Only in the second half. August. more than 40 percent. Internet users have received emails from criminals pretending to be the Polish Post Office, downloaded to their computers malware – said Wednesday in Warsaw Lukasz Siverskyi of the CERT Poland.
CERT Poland operates within the Research and Academic Computer Network (NASK) for 19 years and monitors the risks associated with cyber security internet users in Poland. Regularly also preparing a report summarizing threats on the Internet in a given year.
Siverskyi together with other employees CERT Poland conducted an analysis of the activities of cyber criminals, and the results presented on Wednesday at the XIX Conference on ICT security Secure 2015.
The first information about the new attack carried out by cybercriminals, which uses a logo and the name of the Polish Post, appeared in the media in May this year. E-mails allegedly reported the unclaimed consignment, but really contain a link that redirects ran the user, depending on used their web browser, a file with an .exe extension or .apk. The message contained on the website asked to download the pdf version of the file, run it on a computer, and subsequently to carry The printed version of the document to the point of pickup. In fact, Internet users are downloading to your device malicious software called TorrentLocker that encrypt files on the user’s hard drive, and for their decryption demanded ransom.
Only in the second half of August with a fake party it joined more than 15,000 unique IP addresses, most of which came from Polish. With high probability we can say that the number of 15 thousand. It applies to individual users. Of these, until 6388 it downloaded the malware – said Siverskyi.
This means that the attacks were carried efficiency of above 41 percent. This is an unusually high number for an attack of this type, especially considering the fact that in May the media widely reported the existence of such a threat on the Internet – stated the expert.
He added that in this case, which was a novelty attacked were both users of stationary equipment and mobile. Siewierski told PAP that behind the attacks most likely is an international criminal group, which is responsible for similar activities carried out, among others, in Spain, the UK and Australia. Experts from čertů tentatively called it the Postal Group.
The group name is derived from its scheme approved by the attack, which was similar in many other countries. In each country, cybercriminals posed as company postal service using its logo and other distinctive elements – explained the expert. He pointed out that the fact that the attacks seem to be made by the same group provides not only behavior but also the use of a similar network infrastructure and related malware.
Siverskyi added that the group is active, at least since 2013 and is responsible for carrying out campaigns in many countries, spreading malware.
The expert stressed that against such attacks, however, can protect. Just before the opening of the annex see where mail came to us, what is the address if we ordered a parcel or company that sends us out in Annex invoice shows us services- calculated Siverskyi.
The organizer of conferences dedicated to the security of the Secure teleinformatycznemu is NASK. (PAP)
KRM / jzi /
No comments:
Post a Comment