
Research shows spam on decline, but documents a key vulnerability


Spam is on the decline.  That’s right.

But before you break out the champagne, let’s look at the numbers and what they mean.

This is among the key findings from cyber security firm Trustwave, which published its 2015 Global Security Report.

According to the findings, six out of every 10 received emails were spam in 2014.  This is significantly lower than in 2008, when 93 per cent of all inbound messages were spam.

“We attribute the decline in spam volume to the increasing crackdown by security firms and government agencies on big spam and botnet operations,” Trustwave said in the report.  “Spamming botnets constantly morph, become obsolete, get taken down, and/or upgrade in response to market forces, competition and law enforcement.  Cutwail and Kelihos (formerly Storm/Waledac) still operate today despite multiple takedowns and disruption attempts.”

Yet among the junk mail, only six per cent carried malicious links or attachments, which in 2014 included macro Office documents and ransomware, Trustwave said.

In the latter, researchers observed viruses encrypting user data and demanding money in exchange for decryption.  This type of malware, which goes by names that include CryptoLocker, CryptoWall, Cryptor and CTB-Locker, tends to be attached either as a link or an executable to emails that mimic legitimate communications.

What may be even harder to avoid, however, are documents that include what is known as malicious “macro” code.  PDF and PowerPoint documents (ending in .pptx) were the most recognizable of the infected file types; the purpose of the macro is to download the malware from the web if the document is opened and macro protection is disabled.  Other file types included .jar, .cpl, .lnk, and .chm.

To mitigate email attacks, Trustwave recommends the following steps:

  • Deploy an email security gateway with anti-spam, anti-malware, and policy-based content filtering
  • Reconsider your inbound email policy, for example by blocking or flagging executable files and unusual file attachments such as .cpl, .chm and .lnk files
  • Block or flag macros in Office documents, enable macro protection and educate users
  • Keep software updated at all times
  • Make sure your email security can handle threats that combine spam with links to malicious websites
  • Conduct mock phishing exercises with your staff.