
Number of malicious emails soars 85% from previous quarter

27 Oct 2017

Proofpoint has released the findings from its massive Quarterly Threat Report – some of which are astonishing.

The research highlights the threats, trends, and key takeaways the company sees within its large customer base and in the wider threat landscape.

Every day the company analyses more than a billion email messages, hundreds of millions of social media posts, and more than 150 million malware samples, and its research is built on this data.

The company says the report is designed to provide actionable intelligence businesses can use to better combat today’s attacks, anticipate emerging threats and manage security postures.

The end result? Three primary vectors continue to contain the bulk of sophisticated attacks: email, social media, and mobile.

The volume of email attacks utilising malicious URLs has exploded, making up the highest proportion of email attacks (against those that use attachments) in more than two years.

The sheer number of malicious emails soared 85 percent from the prior quarter, with the volume of emails with malicious URLs shooting up nearly 600 percent from the previous quarter and more than 2,200 percent from 12 months earlier.

Despite the upsurge of URL usage being the major driver of malicious email growth, Proofpoint asserts there was still a large number of campaigns operating with malware hidden in compressed-file archive attachments.

In terms of malware categories, ransomware remained king and accounted for almost 64 percent of all email malware attempts.

New ransomware strains appeared daily, but Locky remained the top payload and accounted for almost 55 percent of total message volume and more than 86 percent of all ransomware volume.

Banking Trojans represented 24 percent of all malicious email volume, with a strain called The Trick accounting for 70 percent of that total.

Email fraud rose 29 percent from the previous quarter, while the number of email fraud attempts per targeted organisation rose 12 percent.

While email fraud does not discriminate by size, organisations with more complex supply chains are more frequent targets.

In terms of social media, fraudulent support accounts used for so-called Angler Phishing doubled from the year-ago quarter. The number of fake customer-support accounts grew 5 percent over the previous quarter while the volume of phishing links on branded social channels rose 10 percent.

"Threat actors never stop innovating, whether through new network attack vectors, more sophisticated social engineering, or evolving email campaigns with hosted malware and obfuscated code," says Proofpoint’s vice president of Threat Operations, Kevin Epstein.

"The ongoing dominance of ransomware in the threat landscape means that it remains lucrative for actors who repeatedly demonstrate their willingness to ‘follow the money’. However, we also continue to see a combination of adaptability -- switching payloads and malware families as necessary to maximise returns -- and specialisation, as actors focus on particular regions and malware types that best suit their needs and expertise."
