
You’ve got malicious mail

by Mark Rowe

Email continues to be a dominant threat vector for cyber attacks. IT security product company Proofpoint points to its new research showing that the overall volume of unsolicited email actually decreased in 2014. However, Proofpoint adds, there was a dramatic increase in its maliciousness.

The findings come from the IT firm’s Worldwide Cyber Security research; other findings include:

The decline in overall volume of unsolicited email was outweighed by a dramatic increase in maliciousness. Attackers generated more URLs (and sent each URL to a smaller number of recipients) in attempts to improve the chances of evading blocking by URL reputation filters, and the URLs generally used more sophisticated exploits.
A higher proportion of unsolicited emails contained malicious URLs. The percentage of malicious URLs in unsolicited emails surged to an average of 10 percent in 2014. The year also saw a “new normal” of extremely high spikes over multiple days, including multiple occasions where the percentage of malicious URLs in unsolicited emails exceeded 40 percent.
The daily volume of unsolicited messages dropped by 56 percent in 2014. Rates dropped significantly after June 2014, when the GameoverZeus (June) and Kelihos (September) botnets were disrupted.
At the end of 2014, malicious attachments played a much larger role in attackers’ campaigns. Those behind the Dridex banking Trojan campaigns, and other botnets, attempted to send massive volumes of attachments and messages.
China joined the EU, Russia and the United States in late 2014 to become a top source for sending unsolicited email. The year featured greater variety in the top sending countries for unsolicited email. The EU held the top spot for most of 2014, followed by the United States. That shifted in late 2014 with China taking the top spot with the EU close behind. Russia also consistently placed in the top five.
This source shift appears to reflect a change in attacker strategy to distribute their networks more broadly and look beyond the United States for a more reliable supply of unpatched and vulnerable computers to compromise.

The report is published on Proofpoint’s Threat Insight blog – http://proofpoint.com/us/threat-insight/post/Looking-Back-at-2014.


© 2024 Professional Security Magazine. All rights reserved.
