{"id":952,"date":"2015-02-15T18:39:31","date_gmt":"2015-02-15T18:39:31","guid":{"rendered":"https:\/\/icaruspressblog.wordpress.com\/?p=952"},"modified":"2019-04-17T10:02:35","modified_gmt":"2019-04-17T10:02:35","slug":"its-a-good-news-bad-news-thing-spam-down-malware-up","status":"publish","type":"post","link":"https:\/\/hidefideas.com\/blog\/2015\/02\/15\/its-a-good-news-bad-news-thing-spam-down-malware-up\/","title":{"rendered":"It&#8217;s a Good News, Bad News Thing: Spam Down, Malware Up"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"  wp-image-430 alignleft\" src=\"http:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/google-page-rank-1024x768.jpg\" alt=\"google-page-rank-1024x768\" width=\"351\" height=\"263\" srcset=\"https:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/google-page-rank-1024x768.jpg 1024w, https:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/google-page-rank-1024x768-300x225.jpg 300w, https:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/google-page-rank-1024x768-768x576.jpg 768w, https:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/google-page-rank-1024x768-200x150.jpg 200w\" sizes=\"auto, (max-width: 351px) 100vw, 351px\" \/>As the old adage goes, we have some good news and some bad news; which do you want first? Let\u2019s start with the good. Security firm <a href=\"http:\/\/proofpoint.com\/us\/threat-insight\/post\/Looking-Back-at-2014\">Proofpoint<\/a> has released their <a href=\"http:\/\/proofpoint.com\/sites\/default\/files\/Proofpoint-Threat-Report-December2014_0.pdf\">threat report for 2014<\/a>, and as the firm points out, the report offers a good opportunity to compare year-over-year data to see where we\u2019ve been and how far we\u2019ve come. Right off the bat, the statistic that\u2019s going to make everyone happy is the overall volume of spam email messages. 
Now, this isn\u2019t news, in the sense that we\u2019ve reported the trend before this. This time last year, we reported on a Kaspersky Security Bulletin for early 2014, and the results showed that spam volume is on the decline. Indeed, we\u2019ve been seeing that trend for a long time, but it was difficult to get too excited. The spam decline in 2013, according to Kaspersky, was 2.5 percent, with overall spam numbers still representing about 70 percent of all email messages.<\/p>\n<p>Proofpoint, however, is reporting an overall decline in the average daily volume of spam emails between 2013 and 2014 of 56 percent. Granted, we\u2019re always careful not to read side-by-side reports from different firms as comparative, for a number of reasons. Each firm has its own methodologies for the collection and processing of numbers. In many cases, it could be an apples-to-oranges comparison to treat the numbers equally because they may represent different things using information extracted from different areas. In addition, sample sizes may vary, locations tracked may be disparate, and methods used for identifying spam might have different touchpoints. As Proofpoint points out in their report, they track \u201cspam volumes via a system of honeypots. The volumes historically track with that of our customer base.\u201d<\/p>\n<p>However, there is good reason to trust Proofpoint\u2019s numbers. As <a href=\"http:\/\/www.infosecurity-magazine.com\/news\/spam-volumes-drop-unsolicited\/\">InfoSecurity Magazine<\/a> points out, the drop in spam volume is due in no small part, says Proofpoint, to disruption to the GameoverZeus botnet, which was taken down in <a href=\"http:\/\/krebsonsecurity.com\/2014\/06\/operation-tovar-targets-gameover-zeus-botnet-cryptolocker-scourge\/\">July<\/a>. 
Proofpoint\u2019s site and several other sources (which appear to use the information from Proofpoint at face value) also report a takedown of <a href=\"http:\/\/www.scmagazine.com\/hackers-deliver-kelihos-to-users-sympathetic-to-russian-cause\/article\/368322\/\">Kelihos<\/a> in September; but the link provided by Proofpoint points to the 2011 Microsoft takedown of the botnet and we\u2019re unaware of any significant event in 2014 relating to Kelihos. If you\u2019re familiar with it, you know it just refuses to go away, and in fact we\u2019ve seen a <a href=\"http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/kelihos-spambot-highlights-security-risk-in-spf-records\/\">resurgence<\/a> in Kelihos late in the year.<\/p>\n<p>Now for the bad news, and it\u2019s a three-pronged threat. First, malicious software is on the rise. What we gained with the reduction in email spam, Proofpoint writes, \u201cwas more than made up for in maliciousness\u2026Proofpoint detected a surge in the percentage of malicious URLs in unsolicited emails: that is, a higher proportion of the URLs contained in unsolicited emails were determined to be malicious. After a sustained surge in mid-2014, the average returned to longer-term levels (approx. 10 percent) but with the \u201cnew normal\u201d of extremely high spikes over multiple days, including multiple occasions where the percentage of malicious URLs in unsolicited emails exceeded 40 percent.\u201d<\/p>\n<p>In addition to the increase in malicious URLs, Proofpoint also notes that \u201cattackers were generating a larger number of URLs (and sending each to a smaller number of recipients) in order to improve their chances of evading blocking by URL reputation filters, and URLs pulled in malware that was generally more sophisticated. 
(We saw a similar pattern with attachments in the case of\u00a0<a href=\"http:\/\/www.proofpoint.com\/us\/threat-insight\/post\/New-Dridex-Botnet-Drives-Massive-Surge-in-Malicious-Attachments\">the 305 Dridex botnet that we described recently<\/a>.)\u201d<\/p>\n<p>Spear phishing is also on the move. \u201cSpear phishing was linked to numerous high-profile cyberattacks in 2014, [and] hackers are now increasingly channeling their energies into phishing campaigns against bank employees rather than bank customers. Essentially, they are going after the bank itself.\u201d The hackers are using \u201cconvincing e-mail ruses\u201d to trick bank employees into clicking malicious links or providing client information, and that spells extra trouble for those of us who prefer that our banks protect our money.<\/p>\n<p>Finally, botnets represent an ongoing yet evolving threat to users. \u201cThe use of botnets is becoming an increasingly popular tool, and as noted in the Spamhaus project\u2019s Botnet Summary for 2014, botnet activity appears to be on the rise. The perpetrators behind botnets can precipitate the acquisition of sensitive financial, banking, and personal data, which then may be sold on the black market. As financial and personal data increases in value, botnet use rises.\u201d<\/p>\n<p>Proofpoint asks a valid question, one that we all need to ask ourselves, and one that we\u2019ll likely visit and revisit in the future. \u201cAre companies doing enough to stem the flow?\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As the old adage goes, we have some good news and some bad news; which do you want first? Let\u2019s start with the good. 
Security&hellip; <\/p>\n","protected":false},"author":3,"featured_media":430,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,14],"tags":[11,9,10,8,7],"class_list":["post-952","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-spam","tag-allspammedup","tag-bot","tag-botnet","tag-malware","tag-spam","jsn-master"],"_links":{"self":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/952","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/comments?post=952"}],"version-history":[{"count":1,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/952\/revisions"}],"predecessor-version":[{"id":1187,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/952\/revisions\/1187"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/media\/430"}],"wp:attachment":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/media?parent=952"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/categories?post=952"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/tags?post=952"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}