Businesses Face Malicious Attachment Threat As Spam Declines

Proofpoint has presented its assessment of the security threat landscape for the first half of 2015, and it makes for grim reading for IT managers.

The good news is that the volume of unsolicited email has declined to levels not seen since since 2012. The EU incidentally is the largest generator (15 percent) of total unsolicited emails, followed by the USA, China, Russia and even Indonesia and Argentina.

This finding backs up Symantec’s research last month, which found that spam emails have fallen to its lowest rate for 12 years.

Malicious Attachments

But the Proofpoint report also revealed that threat landscape is evolving, and IT managers should be aware of the major trends that has emerged so far this year, and educate their staff accordingly.

Whilst the decline of unsolicited email is to be welcomed, it seems the loss in volume is more than made up for in maliciousness.

Indeed, there seems to have been a shift from cyber-attacks that rely on URLs, to email campaigns that contain a malicious document attachment.

“The most striking development of the first six months of 2015 was a massive shift of threat activity from the URL-based campaigns that had dominated 2014, to campaigns that relied on malicious document attachments to deliver malware payloads,” said Proofpoint. “Malicious attachments have dominated the campaigns of 2015 to date, driven by the massive volumes of attachments and messages delivered by the Dridex campaigners as well as other botnets.”

Phishing Lures

Meanwhile another trend to have emerged concerns that of phishing attacks, whereby someone impersonates a trustworthy source with the purpose of acquiring sensitive information. In the past these attacks were focused on consumers, but it seems that business users are increasingly being targetted.

The most commonly used phishing lures in the previous year are social network communications, whereby attackers use social network invitations and connection requests (fake LinkedIn connection requests etc).

Another popular lure are financial account warnings (emails supposedly from your bank, credit card etc). Finally, order confirmation messages are also being used as a phishing lure.

And it seems that social media is also a viable way for attackers to distribute malicious content. “A single phishing lure, malware link or spam message posted to a high profile corporate social media destination may be viewed by ten thousand or more potential victims,” warned Proofpoint.

Report Recommendations

So the advice for IT managers is simple. Proofpoint recommends that organisations make use of threat solutions that utilise dynamic malware analysis and predictive analysis. It also says that firms should automate their threat response in order to reduce the time from detection to containment.

Businesses should also build-in comprehensive threat intelligence into their digital forensics and incident response (DFIR) tools and processes.

And finally firms should integrate security, content enforcement (encryption, DLP, etc) and archiving for email and social media to safeguard these vital communication channels.

What do you know about Internet security? Find out with our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago