Numbers are a funny thing. They can be twisted to suit someone’s purposes; they can fall subject to interpretation; they can be misunderstood. But they do not lie. And if you have any experience working with numbers, large anomalous skews tend to make you sit up and take notice. The anomalies often suggest that something’s amiss, and in the UK, we just sat up and took notice, because email users in the British Isles are receiving three times the normal amount of phishing messages with malicious links.
According to The Register, “Spam destined for recipients in the UK is almost three times more likely to contain a malicious URL than unsolicited email sent to the United States.” In addition, email sent to German and French email addresses is significantly less likely than US email to contain bad URLs. In other words, UK email users are five times more likely to receive malicious URLs than their counterparts in Germany and France.
If that sounds like a big anomaly to you, it’s probably because it is. According to The Register, the study was conducted over the summer, ran for three weeks, and analyzed one billion URLs each day it ran. The numbers are a bit staggering, but we can put them into context by considering the state of email security in the UK. According to the security firm that conducted the study, the UK has weaker defenses and has therefore become a prime target for cybercrooks looking to cash in.
“With the US as a baseline,” El Reg reports, “Germany receives more spam as a percentage of all email than the US, the UK and France, but only 30 per cent more spam than the US, so this difference conspicuously fails to explain why Blighty was hammered by spam-based scams over the summer.” “Bottom line – the UK is being attacked significantly more than the US, yet doesn’t historically have lower click rates, and has more legacy secure email gateways deployed (e.g., more old tech).”
In August, Techworld reported that the spam industry is reinventing itself by focusing on email messages containing malicious links. The surge in malicious emails was significant. “In the 210 days of 2014 up to 29 July, the percentage of unsolicited emails containing malicious links exceeded 15 percent on 63 days.” One in six email messages contained malicious links, and the numbers rose to one in four email messages with bad URLs for twelve days of the study, and one in three for two days of the study.
It’s unlikely to stop. Spammers are making the move to malware, which can be more profitable because it can steal information and invade systems, putting them under a spammer’s control. Even the Nigerian 419ers are getting in on the action, according to Techworld. According to researchers at Palo Alto Networks, “A Nigerian cybercrime gang versed in 419 social engineering scams has diversified into using off-the-shelf RAT tools to attack Taiwanese and South Korean businesses.” Dubbed “Silver Spaniel,” the report on the spammer gang “offers an interesting insight into the software innovations that have turned malware attacks into a global cottage industry far beyond its assumed heartlands of Russia and China.”
“Where once they sent pleading emails by the billion, they are now as likely to use malware links in the same emails,” and that’s a sobering thought for those of us who fight every day to ensure that our users are safe, secure, and well-informed. The reality of phishing is that at some point, someone will fall for a bad message, but if the reports are true, we can’t rest easy knowing that the stakes have just been upped a thousandfold. One click on a malicious URL can have disastrous results.
Spam numbers appear to be creeping upward again. After all, spam has historically been a numbers game, with a full three-quarters of email transmitted being fake email. The increase in spam suggests that the spammers are resurging after the 2011 botnet takedowns, but we’re not there yet, Techworld points out. “Spam might be making a return but we are a long way from the unstoppable deluge of a few years back.” And maybe the numbers don’t matter that much anymore. Malware distribution is no longer a backup plan for spammers. It seems to be their new core business.
That puts all of us at a disadvantage, if we have to treat every unrecognized email as a threat. No one believed the spammers would let up, but the news doesn’t seem encouraging for the foreseeable future.