Businesses Face Malicious Attachment Threat As Spam Declines


Spam email volumes are down, but attacks that rely on malicious document attachments are on the rise

Proofpoint has presented its assessment of the security threat landscape for the first half of 2015, and it makes for grim reading for IT managers.

The good news is that the volume of unsolicited email has declined to levels not seen since 2012. The EU incidentally is the largest generator (15 percent) of total unsolicited emails, followed by the USA, China, Russia and even Indonesia and Argentina.

This finding backs up Symantec’s research last month, which found that spam email has fallen to its lowest rate for 12 years.

Malicious Attachments

But the Proofpoint report also revealed that the threat landscape is evolving, and IT managers should be aware of the major trends that have emerged so far this year, and educate their staff accordingly.

Whilst the decline of unsolicited email is to be welcomed, it seems the loss in volume is more than made up for in maliciousness.

Indeed, there seems to have been a shift from cyber-attacks that rely on URLs, to email campaigns that contain a malicious document attachment.

“The most striking development of the first six months of 2015 was a massive shift of threat activity from the URL-based campaigns that had dominated 2014, to campaigns that relied on malicious document attachments to deliver malware payloads,” said Proofpoint. “Malicious attachments have dominated the campaigns of 2015 to date, driven by the massive volumes of attachments and messages delivered by the Dridex campaigners as well as other botnets.”

Phishing Lures

Meanwhile, another trend to have emerged concerns phishing attacks, whereby someone impersonates a trustworthy source with the purpose of acquiring sensitive information. In the past these attacks were focused on consumers, but it seems that business users are increasingly being targeted.

The most commonly used phishing lures in the previous year are social network communications, whereby attackers use social network invitations and connection requests (fake LinkedIn connection requests etc).

Another popular lure is the financial account warning (emails supposedly from your bank, credit card etc). Finally, order confirmation messages are also being used as a phishing lure.

And it seems that social media is also a viable way for attackers to distribute malicious content. “A single phishing lure, malware link or spam message posted to a high profile corporate social media destination may be viewed by ten thousand or more potential victims,” warned Proofpoint.

Report Recommendations

So the advice for IT managers is simple. Proofpoint recommends that organisations make use of threat solutions that utilise dynamic malware analysis and predictive analysis. It also says that firms should automate their threat response in order to reduce the time from detection to containment.

Businesses should also build comprehensive threat intelligence into their digital forensics and incident response (DFIR) tools and processes.

And finally firms should integrate security, content enforcement (encryption, DLP, etc) and archiving for email and social media to safeguard these vital communication channels.
