Spam Levels are Down, But Targeted Attacks via Email are Up

By Anthony Freed | January 15, 2013

Posted in: Network Security Trends

Less spam in your inbox: Good news. More spam geared towards targeted attacks: Not so good... In the wake of multiple large-scale botnet take-downs in 2011 and 2012, the overall volume of general spam traffic decreased significantly (53%), but targeted attacks via email are on the uptick, according to researchers from German e-mail security provider Eleven. The percentage of spam messages that contained malicious agents such as malware-laden attachments, links to websites that facilitate drive-by attacks, and targeted phishing operations all showed a measurable increase over previous years, and the trend towards more focused attacks is expected to continue through 2013.

"More spam, malware, and phishing e-mail is being specifically sent to targeted circles of recipients and is becoming increasingly difficult to differentiate from legitimate messages," the researchers noted.

The Eleven researchers noted an increase in spam-based attacks that were designed to be country-specific by employing a language particular to the region, as well as subject matter headings that included topics and brands known to be popular in the nation each campaign was designed to target.

The analysis also revealed that "levels of malware sent via e-mail skyrocketed," with the inclusion of already-identified viruses attached to spam emails increasing as much as 226%, and messages containing new strains - which the company designated as "virus outbreaks" - increasing 153%. The total share of malicious emails with known agents jumped from 0.06% to 0.4% in 2012 according to the company, while those with new strains of malware increased from 0.04% to 0.5% over the year, even though the total percentage of spam in relation to all emails sent was shown to have decreased by about 12%.

Drive-by attacks, where recipients are presented with a link in a spam message that leads to a malicious website that can infect a victim's system, were also seen to be on the increase. "Drive-by e-mail comprised nearly one tenth of all spam e-mail for the first time in September 2012," the researchers found.

The increase in malicious email seen in 2012 also includes more spear-phishing attempts, where attackers focus on a smaller group of high-value targets or individuals at a particular organization of interest, and the Eleven researchers also noted that the attackers are more frequently altering the mechanisms of their spam operations in order to preempt potential disruptions from a botnet take-down.

Based on the data from 2012, Eleven estimates that attackers will continue to shift towards shorter, more focused campaigns that seek to target organizations dependent on "signature-based anti-virus solutions" and those who "do not use early virus detection" in order to penetrate networks prior to new updates being issued for enterprise virus scanner tools.

They also predict 2013 will see a significant increase in spear-phishing attacks. "Since emerging from the pilot phase in 2012, they are set to become a key weapon in online criminals’ arsenal in 2013. It can be expected that especially critical areas, such as government authorities, will be targeted by spear phishers," the researchers stated.

As a result, other cybercrime groups will be focusing on obtaining the data necessary to engage in the targeted spear-phishing campaigns. "The prerequisite for successful spear phishing is recipient data that is as detailed as possible. Online criminals will be focusing on obtaining such information in 2013. It can thus be expected that the number of hacking and phishing attacks that try to get to such data will noticeably increase."

A continued focus on employee and end-user security awareness and education will be key to defending networks against such operations, as the majority of the attacks initiated through malicious emails depend on elements of social engineering and a lack of caution on the part of individuals who may be confronted with such attempts to compromise their organization's systems.
