Woburn, MA – May 12, 2016 – The latest Kaspersky Lab Spam and Phishing Report has discovered that although the quantity of spam emails has been decreasing, they have become more criminalized. At the same time, the level of malicious mailshots has dramatically increased - Kaspersky Lab products prevented 22,890,956 attempts to infect users via emails with malicious attachments in March 2016, twice the number of attempts reported in February 2016.
Since 2012 the level of spam in email traffic has constantly been decreasing; however, the quantity of emails with malicious attachments has increased significantly. In the first quarter of 2016 it was 3.3 times higher than during the same period in 2015.
There was also a growing amount of ransomware reported throughout the quarter. This is often propagated through emails with infected attachments - for example Word documents. The main actor on this field in Q1 was the ransomware Trojan Locky, which has been actively distributed via emails in different languages and has targeted at least 114 countries. Locky emails have contained fake information from financial institutions that have deceived users and forced them to open the harmful attachment.
The Kaspersky Lab findings suggest that spam is becoming more popular for fraudsters to target internet users, because web browsing is becoming safer. Almost all popular web-browser developers have now implemented security and anti-phishing protection tools, making it harder for cybercriminals to propagate their malware through infected web pages.
According to the Kaspersky Lab report on spam and phishing the main findings for the quarter were:
During this quarter fraudsters tried to lure users into opening malicious files, gaining their attention with emails about terrorism. Some spam fraudsters tried to convince recipients that the file attached to their spam email contained a new mobile application, which, after installation, could detect an explosive terrorist device. The email emphasized that the U.S. Department of Defense had discovered this technology and that it was sufficiently simple and accessible. The attachment usually contained an executive file, which was detected as Trojan-Dropper.Win32.Dapato, malware that can steal personal user information, organize DDoS-attacks, and install other malicious software.
Well-known Nigerian spammers also used terrorist topics in their emails. According to the Kaspersky Lab report, the quantity of these emails has increased considerably. These spammers previously preferred to send long emails with a detailed story, and links to news to make it more convincing; however, they are now only sending short messages with no detail, asking the recipients to get in touch.
“Unfortunately we are seeing our previous predictions about the criminalization of spam coming true. Fraudsters are using diverse methods to attract user attention, and to make them drop their guard. Spammers are employing a diversity of languages, social engineering methods, different types of malicious attachments, as well as the partial personalization of email text to look more convincing. The fake messages often imitate notifications from well-known organizations and services. This is raising spam to a new dangerous level.” - warns Daria Gudkova, Spam Analysis Expert, Kaspersky Lab.
To learn more about spam and phishing operations in Q1 2016, please read blog post at securelist.com.
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company founded in 1997. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them.
Learn more at www.kaspersky.com.
For the latest in-depth information on security threat issues and trends, please visit:
Securelist | Information about Viruses, Hackers and Spam
Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter
Media Contact:
Sarah Kitsos
781.503.2615
sarah.kitsos@kaspersky.com