There has been some good news reported recently that indicates email spam levels are now at the lowest point seen in the past 12 years. According to a report issued by Security company Symantec, spam emails fell to 49.7% of all emails sent in June this year. Spam email levels fell further still in July, dropping to 46.4% of total email volume. Symantec also reported that the volume of phishing campaigns also saw a fall in June.
A number of reasons have been cited for the fall in spam levels, including bringing a number of spammers to justice and closing down their criminal networks, in addition to shutting down a number of rampant botnet networks, many of which were located in the United Kingdom.
The botnets were identified by UK police forces which orchestrated a number of takedowns. UK and European internet service providers had been collaborating with the police and passed on information on suspected botnets, helping to reduce the effectiveness of the networks, ultimately leading to many being shut down.
While this is good news, this does not mean there has been a reduction in risk. Phishing schemes may have seen a small drop in June, but the number of malware variants now being discovered has increased dramatically. The variation in malware is causing a problem, as the malicious software is becoming harder to identify. The extent of the increase in variants is considerable. In just two months the number of malware types had almost doubled from 29.2 million in April to 57.6 million pieces of malware caught by Symantec in July. This is the second highest figure reported in the past 12 months, with only November 2014 seeing more malware attacks caught (63.6 million).
The attack landscape is constantly changing, with cybercriminals now diversifying their attack vectors. Ransomware for instance, is becoming more popular. Just under half a million attacks (477,000) were thwarted by Symantec in June, with the volume of ransomware having risen for two months in a row.
While cyber criminals based in the UK and United States may be diversifying attack vectors, hackers in other countries still favor email spam, with eastern Europe and China still seeing huge volumes of spam emails being sent. It is certainly not a time to let one’s guard down or become complacent about email spam.
Businesses Still Receiving High Volumes of Spam Emails
Overall, levels of spam may have fallen, but small to mid-sized companies are still seeing high levels of spam emails received, with the percentage of spam emails remaining above 50%. Spam email traffic to small to medium companies (those with one to 250 employees) stood at 52% in June.
Malicious emails are also still being used extensively to target organizations of all sizes. In June, malicious emails were being most commonly used against companies employing 1501-2500 individuals, with one in 164 emails recorded as being malicious in nature.
In July the figures had improved, with organizations employing 251-500 individuals the most common recipients of malicious emails, registering one email in 260 as being malicious in nature, closely followed by small organizations employing under 250 individuals, with one in 275 emails rated as malicious.
Spam emails were still being sent at high levels to particular industries, with mining and manufacturing industries receiving high levels of spam in June. Over 56% of emails received in the mining sector were spam, with the manufacturing, construction, retail and non-traditional service industries all registering spam email volumes of 53% or more in June.
The figures for July actually showed an increase in spam for some industry sectors. Mining had increased to 55.7%, with only very slight falls in spam levels in other industry sectors. Manufacturing, retail and construction all registered spam percentages above 53%.
Each of the other 6 industry sectors (Professional services, agriculture/forestry/fishing, wholesale, non-classifiable establishments, finance/insurance/real estate, and non-traditional services) all registered spam email percentages of between 51.9% and 52.5%, indicating email spam remains a major problem for most U.S. businesses.