Businesses Face Malicious Attachment Threat As Spam Declines

Proofpoint has presented its assessment of the security threat landscape for the first half of 2015, and it makes for grim reading for IT managers.

The good news is that the volume of unsolicited email has declined to levels not seen since since 2012. The EU incidentally is the largest generator (15 percent) of total unsolicited emails, followed by the USA, China, Russia and even Indonesia and Argentina.

This finding backs up Symantec’s research last month, which found that spam emails have fallen to its lowest rate for 12 years.

Malicious Attachments

But the Proofpoint report also revealed that threat landscape is evolving, and IT managers should be aware of the major trends that has emerged so far this year, and educate their staff accordingly.

Whilst the decline of unsolicited email is to be welcomed, it seems the loss in volume is more than made up for in maliciousness.

Indeed, there seems to have been a shift from cyber-attacks that rely on URLs, to email campaigns that contain a malicious document attachment.

“The most striking development of the first six months of 2015 was a massive shift of threat activity from the URL-based campaigns that had dominated 2014, to campaigns that relied on malicious document attachments to deliver malware payloads,” said Proofpoint. “Malicious attachments have dominated the campaigns of 2015 to date, driven by the massive volumes of attachments and messages delivered by the Dridex campaigners as well as other botnets.”

Phishing Lures

Meanwhile another trend to have emerged concerns that of phishing attacks, whereby someone impersonates a trustworthy source with the purpose of acquiring sensitive information. In the past these attacks were focused on consumers, but it seems that business users are increasingly being targetted.

The most commonly used phishing lures in the previous year are social network communications, whereby attackers use social network invitations and connection requests (fake LinkedIn connection requests etc).

Another popular lure are financial account warnings (emails supposedly from your bank, credit card etc). Finally, order confirmation messages are also being used as a phishing lure.

And it seems that social media is also a viable way for attackers to distribute malicious content. “A single phishing lure, malware link or spam message posted to a high profile corporate social media destination may be viewed by ten thousand or more potential victims,” warned Proofpoint.

Report Recommendations

So the advice for IT managers is simple. Proofpoint recommends that organisations make use of threat solutions that utilise dynamic malware analysis and predictive analysis. It also says that firms should automate their threat response in order to reduce the time from detection to containment.

Businesses should also build-in comprehensive threat intelligence into their digital forensics and incident response (DFIR) tools and processes.

And finally firms should integrate security, content enforcement (encryption, DLP, etc) and archiving for email and social media to safeguard these vital communication channels.

What do you know about Internet security? Find out with our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

20 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

21 hours ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

22 hours ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago