Q1 2016 Spam and Malware Volume Already Exceeds Levels Seen in All of 2015

The total volume of malicious messages and spam email seen in all of 2015 has already been exceeded, with nine months of 2016 still to go. Q1 has seen an astonishing 2.3 billion malicious messages sent, 1.7 billion of which were detected in March alone, according to a recent spam and malware report from AppRiver.

As was the case last year, the majority of malicious messages and spam email emanates from the United States, with India in second place for spam distribution, closely followed by Mexico. While many forms of malware have been detected in Q1 2016, the majority of malicious messages are being used to distribute ransomware.

According to AppRiver’s manager of security research, Troy Gill, the increase in malicious traffic identified in the first quarter of 2016 is due to a large extent to the availability of malware on the dark web. It is no longer necessary to develop malware personally. It can easily be rented or purchased on the dark web. Ransomware-as-a-service has increased the number of individuals who have access to the file-encrypting software, and there is no shortage of individuals willing to conduct campaigns.

Another trend in malware distribution is a shift from spray-and-pray tactics to more targeted campaigns. Mass emails are still sent in the hope that some recipients will respond to the requests and install malicious software, but cybercriminals are increasingly researching organizations and carefully crafting messages to maximize the probability of infection. Campaigns are also being aimed at specific verticals, with the healthcare industry in the United States heavily targeted.

While there are many methods used to deliver ransomware payloads, in Q1 2016 one of the most popular has been the use of malicious macros in Word documents and Excel spreadsheets. The use of PowerShell scripts embedded in documents has also grown, and obfuscated JavaScript is still commonly used to deliver malware. There has also been a significant uptick in CEO fraud and other business email compromise (BEC) attacks in Q1. The purpose of these attacks is to fool accounts department staff into making fraudulent wire transfers.

AppRiver has been tracking use of the Distributed Spam Distraction (DSD) technique, which involves flooding inboxes with spam messages to hide legitimate communications, such as confirmation of wire transfers or purchases. The large volume of spam messages means it takes longer for employees to read confirmation emails, giving the attackers more time to withdraw funds.
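The DSD pattern described above is detectable from the mail gateway's own logs: a single recipient suddenly receiving far more messages than usual, with a wire or purchase confirmation sitting somewhere inside that flood. The following script is an added example written for this page, not code from AppRiver or the article. It assumes a constructed tab-separated log format (timestamp, recipient, sender, subject), a constructed list of protected confirmation senders, and example threshold values (25 messages within 10 minutes); a real deployment would tune these to the organization's normal mail rate.

```python
"""Detect a Distributed Spam Distraction (DSD) burst in inbound mail logs and
surface any confirmation messages buried inside it.

Added example for illustration only; log format, sender list and thresholds
are constructed assumptions, not values from the AppRiver report.
"""
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Msg = namedtuple("Msg", "ts recipient sender subject")

# Senders whose messages must never be lost in a flood (constructed list; a
# real one would hold the bank's and payment processor's notification domains).
PROTECTED_SENDERS = {"wire-confirm@bank.example", "orders@shop.example"}


def parse_log(text):
    """Parse 'timestamp<TAB>recipient<TAB>sender<TAB>subject' lines, sorted by time."""
    msgs = []
    for line in text.strip().splitlines():
        ts, rcpt, sender, subject = line.split("\t", 3)
        msgs.append(Msg(datetime.fromisoformat(ts), rcpt, sender, subject))
    return sorted(msgs, key=lambda m: m.ts)


def find_dsd_bursts(msgs, window=timedelta(minutes=10), threshold=25):
    """Return {recipient: [(burst_start, burst_end), ...]} for every recipient
    who received at least `threshold` messages inside any `window`-long span.
    Overlapping windows are merged into one burst interval."""
    by_rcpt = defaultdict(list)
    for m in msgs:
        by_rcpt[m.recipient].append(m)
    bursts = {}
    for rcpt, lst in by_rcpt.items():
        lst.sort(key=lambda m: m.ts)
        found, start = [], 0
        for end in range(len(lst)):
            # slide the window's left edge until it spans at most `window`
            while lst[end].ts - lst[start].ts > window:
                start += 1
            if end - start + 1 >= threshold:
                s, e = lst[start].ts, lst[end].ts
                if found and s <= found[-1][1]:
                    found[-1] = (found[-1][0], e)   # extend current burst
                else:
                    found.append((s, e))           # open a new burst
        if found:
            bursts[rcpt] = found
    return bursts


def buried_protected_messages(msgs, bursts):
    """Messages from PROTECTED_SENDERS that arrived during a burst; these are
    the confirmations an attacker is trying to hide from the recipient."""
    return [
        m for m in msgs
        if m.sender in PROTECTED_SENDERS
        and any(s <= m.ts <= e for s, e in bursts.get(m.recipient, []))
    ]


def _build_sample_log():
    """Constructed sample: normal morning traffic, then a 40-message flood on
    the accounts-payable mailbox with a real wire confirmation in the middle."""
    lines = [
        "2016-03-14T09:00:00\tap@example.com\tvendor@supplier.example\tInvoice 4471",
        "2016-03-14T09:25:00\tap@example.com\tboss@example.com\tRe: Q1 budget",
        "2016-03-14T09:40:00\tit@example.com\talerts@example.com\tPatch window tonight",
    ]
    t0 = datetime(2016, 3, 14, 10, 0, 0)
    for i in range(40):  # junk messages 10 seconds apart (10:00:00 .. 10:06:30)
        ts = (t0 + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"{ts}\tap@example.com\tnews{i}@random{i}.example\tYou have won #{i}")
    lines.append("2016-03-14T10:03:05\tap@example.com\twire-confirm@bank.example"
                 "\tWire transfer 81234 executed")
    return "\n".join(lines)


SAMPLE_LOG = _build_sample_log()

if __name__ == "__main__":
    messages = parse_log(SAMPLE_LOG)
    found = find_dsd_bursts(messages)
    for rcpt, spans in found.items():
        for s, e in spans:
            print(f"DSD burst for {rcpt}: {s.time()} to {e.time()}")
    for m in buried_protected_messages(messages, found):
        print(f"  buried confirmation at {m.ts.time()} from {m.sender}: {m.subject}")
```

The sliding window keeps the check linear in the number of messages per recipient, and merging overlapping windows yields one alert per flood rather than one per message. In practice the flagged confirmations would be routed to a separate folder or to the finance team's alerting channel, since the whole point of the attack is that nobody reads them in time.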

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news