Blog

Every quarter, we release our Global Security Report, our latest spam and malware findings from the previous quarter. Today we unveiled Q1 2016’s report, which has confirmed that the levels of spam and malware email traffic during Q1 has already surpassed total levels documented during the whole of 2015, totaling at 2.3 billion malicious email messages, with 1.7 billion occurring in March alone.

What is the Global Security Report?

“The malicious Web and email traffic continues to multiply rapidly, and it’s not slowing down anytime soon,” says Troy Gill, manager of security research at AppRiver. “The increase in malicious traffic that we’ve seen over the first quarter, and even last quarter of 2015 can be traced to two factors: the widespread ability to purchase malware on the Dark Web, and its effectiveness due to end users’ reluctance to use antivirus software and perform regular software updates.”

AppRiver confirms that receiving a malicious message is no longer a numbers game, as cybercriminals are also targeting sectors with crafted messages. Jon French, security analyst at AppRiver, says, “We have also seen ransomware attacks move from a simple ‘cast net’ style approach to attacks aimed at certain verticals, with the most prevalent this quarter being the healthcare industry.” French adds, “Malicious macros in Microsoft Word and Excel documents have been a very popular method for delivering the Trojans carrying the payload for ransomware attacks.”

For those who are not falling for the macros method, cybercriminals are also utilizing hidden PowerShell commands in documents to infect machines, as well as obfuscated JavaScript as a vehicle to deliver attack code.

We have also seen an uptick in wire transfer attacks, typically targeting finance departments. Custom communications are spoofed by the attackers to appear as if they come from within an organization, most often impersonating a company’s CEO.

A final trend we have been monitoring is the Distributed Spam Distraction (DSD) technique. Fred Touchette, manager of security research at AppRiver, explains, “DSDs flood an individual’s inbox with spam emails in an attempt to hide critical confirmation emails for purchases or wire transfers made in the victim’s name. With all of the spam in the victim’s inbox, the deed is done before the confirmation email is located, allowing the cybercriminal to make away with fraudulent purchases or wire transfers.”

From a technical standpoint, our security analyst team advises organizations to have layered security systems in place that monitor all network traffic and communications to prevent malware attacks and breaches, including:

We have included more detail on these attacks and statistics within its Q1 Global Security Report. To read the full report and watch AppRiver’s security analysts’ round table discussion on its findings, visit https://www.appriver.com/about-us/security-reports/global-security-report-2016-quarter-1/.