Blog

It’s been another rough year for netizens. AppRiver’s security analyst team has journaled many of the Web’s perils of the past year, including the spam and malware that has plagued it, the cybersecurity measures that are supposed to make it safer, as well as data breaches that shook consumers and employees.

In total, AppRiver quarantined 944 million messages containing malware from January to November, and an additional 705 million in December alone, doubling the number of malware messages from 2014. AppRiver also quarantined 26 billion spam messages in its filters.

Malware Campaigns:

Many malware campaigns came directly to individuals’ inboxes through spear phishing and spoofing attempts, pointing to the power of social engineering and trust.

Some of the major malware campaigns included:

Macros Ransomware Wire transfer fraud JavaScript obfuscation

The report also devotes special video segments focused on macros malware attacks, wire transfer fraud, and ransomware.

Data Breaches:

Anthem, Premera, LastPass, Ashley Madison, Experian, and the Office of Personnel Management were some of the biggest breaches of 2015. The OPM data breach resulted in more than 18 million current and former federal employees’ records being breached, while the insurance company breaches resulted in more than 90 million patients’ health records being compromised.

Report co-author, Jon French, adds, “This year featured personal attacks on consumers, as cybercriminals favored personal data, such as health insurance records, online dating profiles, and HR files over financial information, such as credit card accounts and routing numbers. Cybercriminals are likely using this information to form detailed consumer profiles on the Dark Web for future attacks, like spear phishing and blackmail.”

Legislation:

Three major pieces of legislation were passed in the United States and the European Union this year, including:

Protecting Cyber Networks Act (PCNA): Enables companies and government agencies to be able to share IT threat intelligence with related government agencies efficiently National Cybersecurity Protection Advancement Act (NCPA): authorizes companies to share threat intelligence with the Department of Homeland Security General Data Protection Regulation (GDPR): covers many facets, most notably the much debated “right to be forgotten”

“The Protecting Cyber Networks and National Cybersecurity Protection Advancement Acts will incentivize companies to share cyber threat information with U.S. government agencies,” says co-author and manager of security research, Troy Gill. “The goal is to prevent future attacks by sharing threat intelligence through joint efforts of government agencies and companies.”

To learn more about the spam and malware trends of 2015, data breaches, and legislation related to them, please read the Global Security Report.