SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Global warning as spam attacks target stock market manipulation
Thu, 4th May 2017
FYI, this story is more than a year old

A massive spam campaign is targeting the share price of a Latvian company by asking them to buy shares in the company.

Information logistics company Retarus spotted the campaign and has issued a worldwide warning, saying that these types of campaigns should raise awareness that attackers are getting smarter.

The company says the particular stock manipulation strategy uses a global botnet of more than 400,000 computers, a limited volume of 50 messages per minute and frequent text variations that can trick keyword-based spam filters.

According to Retarus, it filters out around 9.3 million of these types of spam emails on a daily basis. This campaign's botnet has used an ‘insidious' method as the infected systems aren't paralysed by sending massive volumes of messages. The limited volume means it's harder for IT administrators to detect them.

The company also says the spammers have also used different ways to give reasons for the stock purchases, including a forthcoming takeover and a breakthrough in cancer research. Spam filters often search for specific keywords, which means they cannot filter the messages properly.

The spammers are not only profiting from a short-term rise in share price due to demand, but they will also benefit from the crash through options.

This is not the first time a malicious campaign has meddled with the stock market: In March, the share price of InCaptcha rose during a four-day spam campaign and then dropped just as fast.

These types of campaigns have been labeled ‘penny stocks', which are securities quoted at less than one dollar.

Organisations should keep their spam and virus filters up to date. In addition, all messages with more than a 60% likelihood of being spam should be moved into quarantine.

The company also says that the ‘human factor' remains an important issue in spam fraud. Useers must adopt increased levels of vigilance and thoroughly check the messages' plausibility.

Retarus suggests that organisations should also educate their staff about these kinds of attacks. Real-world examples are effective methods to highlight awareness, and guidelines should be put in place for suspicious cases.