Monday, August 31, 2015

The Decline of Email Spam?

As threat defense experts, Trend Micro has been delivering quarterly security roundup reports for several years now. Each quarter we look back on the previous quarter to highlight the key threats found during that period. We also review the threat data we collect and analyze from the Trend Micro™ Smart Protection Network™, which gives us insight into the trends occurring within the threat landscape. One of the trends noted in our Q2’15 report, A Rising Tide: New Hacks Threaten Public Technologies, and one we’ve been seeing for some time now, is a lower amount of spam affecting the world. As you can see from the chart below, spam volumes have generally been trending lower since August of 2014.

image 1

While this is good news for users, I’d like to dive into some of the reasons we may be seeing this downward trend.

Our threat researchers have been analyzing many of the recent spam campaigns, whether they are crypto-ransomware spam runs in Australia, Europe, and North America, or general spam looking to infect individual users. What we’re finding is that spammers today are taking a page out of the playbook of targeted attack (or Advanced Persistent Threat, APT) campaigns. The threat actors behind targeted attacks identify who they want to target and limit the number of individuals they attack. Spammers today have access to the cybercriminal underground markets (Cyber Arms Bazaar), where they can buy email lists to use in their campaigns. The difference from the past is that these lists are much more refined and accurate. Spammers used to send their emails to a huge list of addresses and did not care whether they were legitimate or not. Today these lists contain confirmed live email addresses for actual users, rather than, say, the addresses of the many honeypots used in the defense against spam. This means they can take a more targeted approach in their spam campaigns and ensure they are hitting real people.

Other trends we’re seeing with spammers looking to outwit defenses against them are:

  1. Use of email authentication like DKIM and SPF
  2. Embedded URLs that link to legitimate but compromised sites, which redirect to the malicious servers
  3. Use of standard malware techniques for attachments to reduce anti-malware detection
  4. Use of CAPTCHAs in the threat lifecycle
  5. Improved message content that is more plausible, with fewer grammatical/spelling errors

While we cannot predict that spam will continue to drop, we do know that many of the threat actors today are being more and more targeted in their approach to cybercrime. In many cases, even though they may not be pushing more threats out, this tactic has allowed them to keep their infection rates just as high as ever. So while spam volume has diminished, which on the surface is good, it does not mean that fewer people are infected, as the spammers have been able to be more efficient in their process.

Combatting this trend has required a shift in how messaging-based threats are dealt with. Traditional antispam solutions have struggled to deal with phishing and spearphishing threats, and as spam morphs towards these more effective infection methods, advanced threat messaging technologies must be added to these solutions. Trend Micro has been developing and integrating a number of these advanced technologies into our messaging solutions, including:

  • New-born Domain Host Inspection, which identifies newly born malicious domains used by threat actors so that embedded URLs pointing to them can be blocked
  • Socially Engineered Attack Prevention, which uses big data analytics to correlate metadata and content within emails to identify those that are malicious
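
The sketch below is an added illustration, not Trend Micro's implementation and not code from the original post. It shows why an SPF/DKIM pass (trend 1 above) cannot be treated as a trust signal on its own, and how a domain-age check on embedded URLs can still catch the message. The 30-day cut-off, the registration table, the sample message and all function names are assumptions made for the example.

```python
import re
from datetime import date
from email import message_from_string
from urllib.parse import urlsplit

NEWBORN_DAYS = 30  # assumed cut-off for a "newly born" domain
# Constructed registration dates; production code would query RDAP/WHOIS or a feed.
REGISTERED = {"example.com": date(1995, 8, 14), "invoice-portal.example": date(2015, 8, 27)}

# Constructed sample message: SPF and DKIM both pass for the sender's own domain.
SAMPLE = """\
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=invoice-portal.example;
 dkim=pass header.d=invoice-portal.example
From: Billing <billing@invoice-portal.example>
Subject: Your invoice

Please review http://pay.invoice-portal.example/inv?id=1
Terms: https://www.example.com/terms
"""

def auth_results(msg):
    """Map method -> result from Authentication-Results (trust only your own MTA's header)."""
    text = " ".join(msg.get_all("Authentication-Results", []))
    return {m.lower(): r.lower() for m, r in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", text, re.I)}

def registrable(host):
    """Naive last-two-labels reduction; real code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def newborn_urls(body, received):
    """Return (url, domain, age_days) for links on young or unknown domains."""
    hits = []
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        domain = registrable(urlsplit(url).hostname or "")
        created = REGISTERED.get(domain)
        age = (received - created).days if created else None
        if age is None or age < NEWBORN_DAYS:  # unknown age fails closed
            hits.append((url, domain, age))
    return hits

def triage(raw, received):
    msg = message_from_string(raw)
    auth = auth_results(msg)
    hits = newborn_urls(msg.get_payload(), received)
    # A pass only proves the sender controls the domain, so it never overrides a hit.
    return {"auth": auth, "newborn": hits, "verdict": "quarantine" if hits else "deliver"}

if __name__ == "__main__":
    print(triage(SAMPLE, date(2015, 8, 31)))
```

The sample message authenticates cleanly yet is quarantined, because the only domain it proves control of was registered four days before delivery.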

The threat defense experts within Trend Micro will continue to analyze the cyber-threats affecting our world and will use their expertise to continually innovate new technologies and solutions to protect our customers as the threat landscape changes. Feel free to leave a message if you have your own opinions on this phenomenon we’re seeing.



from Trend Micro Simply Security http://ift.tt/1hrGRUs
via IFTTT
