British internet users opening a spam email are three times more likely to be facing a malicious URL than users in the US, thanks in part to a wave of highly targeted financial malware.
British internet users opening a spam email are three times more likely to be facing a malicious URL than users in the US, according to new research by phishing email specialists Proofpoint. German and French internet users were hit by fewer still, with just a fifth of the levels British internet users endure.
British users appear to be being targeted with high levels of financial malware, such as the banking Trojan Dyre.
Oddly, this finding does not correlate to a high level of spam email targeting the country. Germans receive the highest percentage of spam email overall, according to Tech World.
The findings come from an analysis of seven billion URLs monitored every week over a three week period this summer.
Phishing email: smells fishy?
Tech World comments, “This raises the possibility that the higher phishing email levels aimed at the UK are a random fluctuation and a result of when the time period chosen than a fundamental trend.”
Proofpoint responded via email that the high level of targeted financial phishing email suggested that Britain was being targeted with malware simply because it brought lucrative returns.
“The attacks are clearly financially motivated. We’ve historically seen higher volumes of attacks targeted at regions that generate more success for the attackers because that’s where the money is,” said Proofpoint VP of security, Kevin Epstein.
“Relative to other countries in this report, this is a startlingly high number of targeted attacks against the UK. Given the financial motivations of the attacks, this strongly suggests cybercriminals have found UK organizations to be an unusually lucrative target.”
Dyre warning for British users
Infosecurity Magazine points out that among the malicious payloads delivered to British users was a high number of emails containing the Dyre banking Trojan, which was in the headlines again last week, after the malware was used to target users of the popular Customer Relationship Management software Salesforce.
Named Dyre, or Dyreza (and detected by ESET software as Win32/Battdil.A), the Trojan software was discovered by researchers investigating a phishing scam that was spreading via Dropbox. It is believed to be a completely new family of malware, similar to but sufficiently distinct from, the Zeus malware.
Dyre has been designed to target certain banks in particular – Bank of America, CitiGroup, but also a large number of British banks, in particular NatWest, RBS and Ulsterbank.
It is thought to be an example of ‘crime-as-a-service’ – malware for hire to the highest bidder. It has been found able to bypass both SSL encryption and two-factor authentication systems.
Speaking to Infosecurity, Proofpoint suggested that the malware had, “become increasingly popular in the wake of the Gameover Zeus takedown.”