Spam volumes dropped by over 50% in 2014, but the percentage of malicious URLs in unsolicited emails spiked in the second half of the year, according to new research from Proofpoint.
The messaging security firm's latest Threat Report revealed a 56% drop in the daily volume of spam emails during 2014, helped by disruption to the GameoverZeus and Kelihos botnets in June and September respectively.
By comparison, 2013 saw a 16% increase over the previous year.
Yet the proportion of URLs in unsolicited emails deemed to be malicious increased to an average of 10% in 2014, with large spikes exceeding 40% on occasion, especially in the latter part of the year.
Proofpoint explained in a blog post:
“In other words, even as the overall volume of unsolicited email was hitting its low point in late 2014, 1) there was an increase in maliciousness of URLs, and 2) attackers were generating a larger number of URLs (and sending each to a smaller number of recipients) in order to improve their chances of evading blocking by URL reputation filters, and URLs pulled in malware that was generally more sophisticated.”
The report also noted that, especially at the end of the year, a larger volume of unsolicited emails contained malicious attachments. This is due in part to the activity of botnets like the banking trojan Dridex.
Proofpoint CEO Gary Steele told Infosecurity that, despite the drop in spam volumes, cyber-criminals will continue to use email as a primary vector to break into organizations and compromise systems.
“In the face of a tidal wave, organizations cannot match attackers on a one-to-one basis. That’s where the technology, people and process strategy becomes critical. Security for the modern enterprise is always evolving. You are either evolving with it – or you’re not secure,” he added.
“Now is the time for security teams and executives to proactively examine cybersecurity strategies – and communicate the urgent need to deploy a comprehensive, advanced security strategy to their leadership team and board of directors.”
Steele argued that an effective strategy needs to include advanced threat prevention products.
“No organization should be blindly renewing that four-year-old anti-spam subscription and trusting it will block advanced targeted attacks,” he claimed.