There’s no question that the threat landscape continues to widen when it comes to cybersecurity, but at least one arena has seen some improvement. The volume of spam email in 2015 actually decreased.
According to a Kaspersky Lab Security Bulletin, spam volume fell last year to 55.28% of overall email traffic—a decline of 11.48% on the previous year.
Further, more than three quarters (79%) of all emails sent were less than 2KB in size, which shows a steady decrease in email size for spam campaigns over the past few years.
Financial institutions such as banks, payment systems and online shops were attacked most often with phishing emails (34.33%, a rise of 5.59%), and the US remained the biggest source of spam (15.2%), with second place taken by Russia (6.15%) and China making way for Vietnam in third spot (6.12%). Germany was the biggest victim with 19.06% of spam attacks—a 9.84% increase on 2014, followed by Brazil at 7.64% which posted a 4.09% increase and moved up from sixth place in 2014. Russia moved up to third place from eighth, an increase of 3.06% to 6.03% of all spam attacks in 2015.
In 2015, cyber-criminals also continued to send out fake emails from mobile devices and notifications from mobile apps containing malware or advertising messages. New tactics included fraudsters spreading malware in the form of Android APK files and ZIP archives containing programs in Java.
“The increased use of mobile devices in our everyday life to exchange messages and data, as well as access and control bank accounts, has also resulted in increased exploitation opportunities for cyber-criminals,” said Daria Loseva, spam analysis expert at Kaspersky Lab. “Mobile malware and fraudulent spam is becoming more popular and efforts to dupe victims are becoming more sophisticated year on year, with the emergence of apps that can be used by cyber-criminals both directly (for sending out spam, including malicious spam) and indirectly (via phishing emails). Mobile device users therefore need to be on their guard and remain vigilant, as cyber-criminal activities in this area are only likely to increase, along with our reliance on devices.”
When it came to popular lures, “Nigerian” fraud used the Ukrainian political situation, the Syrian civil war, the election in Nigeria and the earthquake in Nepal to exploit the kindness and empathy of recipients with believable email content. These emails contained content calling for material support for a person in need.
And, although the Olympic Games in Brazil have yet to take place, fraudsters have already started to exploit the event, sending emails announcing false lottery wins and asking the recipient to fill in a form with their personal details. In these attacks, emails with PDF attachments, pictures and other graphical elements were designed to fool the spam filters.