With the first six months of 2015 behind us and unsolicited email volume data for the first half of the year available, Proofpoint is releasing its mid-year threat report which analyses what the threats of 2015 to-date can tell us about the evolving threat landscape.
Reviewing the first six months of 2015, the main trends that emerge are:
The EU sends out the most unsolicited mail
- As in 2014, the volume from each country as a percentage of total unsolicited email was relatively constant, with the EU consistently accounting for around 15% of total unsolicited email, and the others accounting for single-digit percentages.
Decline in unsolicited mail – reaching levels not seen since 2012
- As we noted in our 2014 Threat Report, the 2014 net decrease in message volume seems counterintuitive in light of the number and severity of data breaches and compromises that were made public in the second half of 2014; however, what was lost in volume was more than made up for in maliciousness. The first six months of 2015 have seen a continuation of this downward trend, with average daily volumes reaching levels not seen since 2012.
Shift to attachment-based campaigns
- The most striking development of the first six months of 2015 was a massive shift of threat activity from the URL-based campaigns that had dominated 2014, to campaigns that relied on malicious document attachments to deliver malware payloads. Malicious attachments have dominated the campaigns of 2015 to date, driven by the massive volumes of attachments and messages delivered by the Dridex campaigners as well as other botnets.
Change in phishing techniques targeting business users
- Cybercriminals have shifted focus from consumers to business users. This shift was perhaps nowhere more apparent than in the message templates attackers used in 2014, and a year-over-year comparison highlights the new focus on business users. The Human Factor report for 2014 described the most commonly used phishing lures in the previous year.
- Social network communication, such as invitations and connection requests
- Financial account warnings, such as balance and transaction notices, account status updates, etc
- Order confirmation messages
Social media increasing as a source of brand and compliance risk
- During the first six months of 2015, Proofpoint Nexgate social media security researchers found that the efficiencies gained in distributing malicious content via social media continue to make it an attractive channel for hackers and scammers. A single phishing lure, malware link or spam message posted to a high profile corporate social media destination may be viewed by ten thousand or more potential victims.
[su_box title=”About Proofpoint” style=”noise” box_color=”#336588″]
Proofpoint Inc. (NASDAQ:PFPT) is a leading security-as-a-service provider that focuses on cloud-based solutions for threat protection, compliance, archiving & governance, and secure communications. Organizations around the world depend on Proofpoint’s expertise, patented technologies and on-demand delivery system to protect against phishing, malware and spam, safeguard privacy, encrypt sensitive information, and archive and govern messages and critical enterprise information.[/su_box]
