Application security, Malware, Phishing

Email malware, phishing and spam attempts hit new highs for 2017

The number of emails carrying malware increased to a new high in July with one in every 359 emails carrying a malicious payload, according to Symantec's July Intelligence Report.

July also saw increases in the number of phishing attempts and spam, but the increasing use by cybercriminals of email to spread malware took center stage reaching a level not seen since December 2016. The rate of infected emails in July was one in 359, up from one in 451 in June and significantly higher than the one in 784 emails that was reported in January. However, even July's rate is much lower than what was happening in late 2016 when the number of emails carrying malware ranged between one and 111 and one and 170.

“This trend in malware being distributed through email seems to be catching on, with several infamous malware families recently adding functionality that allows them to spread via spam email,” the report said.

These trojans being Emotet and TrickBot with the former now having the ability to steal email credentials which are then used to send out more spam in order to propagate an attack. TrickBot is now also using spam posing as an invoice from a financial institution to spread itself, but the new email feature has not been fully implemented yet so this could become a more serious threat.

In July most email malware targeted the agricultural, forestry, mining and public administration industries with companies employing between 1 and 250 and 1,001 to 1,500 people being hit most often.

Unlike the email malware rate which is still below its record levels, the amount of spam spewing into inboxes globally is at its highest rate since March 2015. This is, in part, related to the fact that Emotet and TrickBot are stealing email addresses to feed their spam campaigns. The other issued driving spam is illegal activity by legitimate firms. Symantec pointed to a $104,000 fine that was levied against the UK firm Moneysupermarket.com for sending 7.1 million emails to customers who had specifically opted out of receiving marketing emails.

Phishing emails are also hitting recent highs with one in every 1,968 emails falling into this category in July, up ever so slightly from the one in 1,975 emails in June, but well above the one in every 9,138 emails that was reported in March 2017.

The mining industry was the most phished and was the top spam recipient, the report stated.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.