Woburn, MA – May 12, 2016 – The latest Kaspersky Lab Spam and Phishing Report has discovered that although the quantity of spam emails has been decreasing, they have become more criminalized. At the same time, the level of malicious mailshots has dramatically increased - Kaspersky Lab products prevented 22,890,956 attempts to infect users via emails with malicious attachments in March 2016, twice the number of attempts reported in February 2016.
Since 2012 the level of spam in email traffic has constantly been decreasing; however, the quantity of emails with malicious attachments has increased significantly. In the first quarter of 2016 it was 3.3 times higher than during the same period in 2015.
There was also a growing amount of ransomware reported throughout the quarter. This is often propagated through emails with infected attachments - for example Word documents. The main actor on this field in Q1 was the ransomware Trojan Locky, which has been actively distributed via emails in different languages and has targeted at least 114 countries. Locky emails have contained fake information from financial institutions that have deceived users and forced them to open the harmful attachment.
The Kaspersky Lab findings suggest that spam is becoming more popular for fraudsters to target internet users, because web browsing is becoming safer. Almost all popular web-browser developers have now implemented security and anti-phishing protection tools, making it harder for cybercriminals to propagate their malware through infected web pages.
According to the Kaspersky Lab report on spam and phishing the main findings for the quarter were:
- In Q1 2016 Kaspersky Lab registered 56.3% of spam in email flow. This is 2.9 percent lower compared to the same period in 2015, when it equaled 59.2%.
- The largest amount of spam was sent in January (59.6% in overall email traffic). This is because of the end of the holiday season, when the flow of normal, non-spam, emails is usually low.
- The USA retained its position as the biggest source of spam, sending 12.43% of unwanted emails. The share of the USA in this rating is slightly decreasing in comparison to Q1 2015, when it was 14.5%.
- Other large sources of spam included Vietnam (second place with 10.3%) and India (6.16%). This is compared to the same period in 2015, when the second and third places were held by Russia (7.3%) and Ukraine (5.6%). Russia moved to seventh place this quarter with 4.9%.
- 81.9% of spam emails in Q1 2016 were very small size - up to 2 KB, a 2.8 percentage point increase in comparison to the same quarter in 2015. For spammers, smaller emails are easier to handle in mass mailings.
- Germany was the country most targeted by malicious mailshots, with a total share of 18.9% of Kaspersky Lab product users in the country targeted this way. Germany was followed by China (9.43%) and Brazil took third place (7.35%). For the same period in 2015, the top three countries were Great Britain (7.8%), Brazil (7.4%) and the USA (7.2%).
Terrorism became the main topic of spam emails in Q1.
During this quarter fraudsters tried to lure users into opening malicious files, gaining their attention with emails about terrorism. Some spam fraudsters tried to convince recipients that the file attached to their spam email contained a new mobile application, which, after installation, could detect an explosive terrorist device. The email emphasized that the U.S. Department of Defense had discovered this technology and that it was sufficiently simple and accessible. The attachment usually contained an executive file, which was detected as Trojan-Dropper.Win32.Dapato, malware that can steal personal user information, organize DDoS-attacks, and install other malicious software.
Well-known Nigerian spammers also used terrorist topics in their emails. According to the Kaspersky Lab report, the quantity of these emails has increased considerably. These spammers previously preferred to send long emails with a detailed story, and links to news to make it more convincing; however, they are now only sending short messages with no detail, asking the recipients to get in touch.
“Unfortunately we are seeing our previous predictions about the criminalization of spam coming true. Fraudsters are using diverse methods to attract user attention, and to make them drop their guard. Spammers are employing a diversity of languages, social engineering methods, different types of malicious attachments, as well as the partial personalization of email text to look more convincing. The fake messages often imitate notifications from well-known organizations and services. This is raising spam to a new dangerous level.” - warns Daria Gudkova, Spam Analysis Expert, Kaspersky Lab.
To learn more about spam and phishing operations in Q1 2016, please read blog post at securelist.com.
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company founded in 1997. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them.
Learn more at www.kaspersky.com.
For the latest in-depth information on security threat issues and trends, please visit:
Securelist | Information about Viruses, Hackers and Spam
Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter