Number of malicious emails soars 85% from previous quarter

27 Oct 2017

Proofpoint has released the findings from its massive Quarterly Threat Report – some of which are astonishing.

The research highlights the threats, trends, and key takeaways Proofpoint sees within its large customer base and in the wider threat landscape.

Every day the company analyses more than a billion email messages, hundreds of millions of social media posts, and more than 150 million malware samples, and its research is built on this data.

The company says the report is designed to provide actionable intelligence businesses can use to better combat today’s attacks, anticipate emerging threats and manage security postures.

The end result? Three primary vectors continue to contain the bulk of sophisticated attacks: email, social media, and mobile.

The volume of email attacks utilising malicious URLs has exploded, making up the highest proportion of email attacks (compared with those that use attachments) in more than two years.

The sheer number of malicious emails soared 85 percent from the prior quarter, with the volume of emails with malicious URLs shooting up nearly 600 percent from the previous quarter and more than 2,200 percent from 12 months earlier.

Despite the upsurge of URL usage being the major driver of malicious email growth, Proofpoint asserts there was still a large number of campaigns operating with malware hidden in compressed-file archive attachments.

In terms of malware categories, ransomware remained king and accounted for almost 64 percent of all email malware attempts.

New ransomware strains appeared daily, but Locky remained the top payload and accounted for almost 55 percent of total message volume and more than 86 percent of all ransomware volume.

Banking Trojans represented 24 percent of all malicious email volume, with a strain called The Trick accounting for 70 percent of that total.

Email fraud rose 29 percent from the previous quarter, while the number of email fraud attempts per targeted organisation rose 12 percent.

While email fraud does not discriminate by size, organisations with more complex supply chains are more frequent targets.

In terms of social media, fraudulent support accounts used for so-called Angler Phishing doubled from the year-ago quarter. The number of fake customer-support accounts grew 5 percent over the previous quarter while the volume of phishing links on branded social channels rose 10 percent.

"Threat actors never stop innovating, whether through new network attack vectors, more sophisticated social engineering, or evolving email campaigns with hosted malware and obfuscated code," says Proofpoint’s vice president of Threat Operations, Kevin Epstein.

"The ongoing dominance of ransomware in the threat landscape means that it remains lucrative for actors who repeatedly demonstrate their willingness to ‘follow the money’. However, we also continue to see a combination of adaptability -- switching payloads and malware families as necessary to maximise returns -- and specialisation, as actors focus on particular regions and malware types that best suit their needs and expertise."
