Kaspersky Lab Reports Significant Increase in Malicious Spam Emails in Q1 2016
The latest Kaspersky Lab Spam and Phishing Report has discovered that although the quantity of spam emails has been decreasing, they have become more criminalized
The latest Kaspersky Lab Spam and Phishing Report has discovered that although the quantity of spam emails has been decreasing, they have become more criminalized. At the same time, the level of malicious mailshots has dramatically increased - Kaspersky Lab products prevented 22,890,956 attempts to infect users via emails with malicious attachments in March 2016, twice the number of attempts reported in February 2016.
Since 2012 the level of spam in email traffic has constantly been decreasing. However, the quantity of emails with malicious attachments has increased significantly – in Q1 2016 it was 3.3 times higher than during the same period in 2015. There was also a growing amount of ransomware reported throughout the quarter. This is often propagated through emails with infected attachments - for example Word documents. The main actor on this field in Q1 was the ransomware Trojan Locky, which has been actively distributed via emails in different languages and has targeted at least 114 countries. Locky emails have contained fake information from financial institutions that have deceived users and forced them to open the harmful attachment.
Kaspersky Lab’s findings suggest that spam is becoming more popular for fraudsters to target Internet users, because web browsing is becoming safer. Almost all popular web-browser developers have now implemented security and anti-phishing protection tools, making it harder for cybercriminals to propagate their malware through infected web pages.
According to Kaspersky Lab’s Q1 report on spam and phishing the main findings for the quarter were
• In Q1 2016 Kaspersky Lab registered 56.3% of spam in email flow. This is 2.9 percent lower compared to the same period in 2015, when it equaled 59.2%.
• The largest amount of spam was sent in January (59.6% in overall email traffic). This is explained by the end of the holiday season, when the flow of normal, non-spam, emails is usually low.
• The USA retained its position as the biggest source of spam, sending 12.43% of unwanted emails. The share of the USA in this rating is slightly decreasing in comparison to Q1 2015, when it was 14.5%.
• Other large sources of spam included Vietnam (second place with 10.3%) and India (6.16%). This is compared to the same period in 2015, when the second and third places were held by Russia (7.3%) and Ukraine (5.6%). Russia moved to seventh place this quarter with 4.9%
• 81.9% of spam emails in Q1 2016 were very small size - up to 2 KB, a 2.8 percentage point increase in comparison to the same quarter in 2015. For spammers, smaller emails are easier to handle in mass mailings.
• Germany was the country most targeted by malicious mailshots, with a total share of 18.9% of Kaspersky Lab product users in the country targeted this way. Germany was followed by China (9.43%) and Brazil took third place (7.35%). For the same period in 2015, the top three countries were Great Britain (7.8%), Brazil (7.4%) and the USA (7.2%).
Terrorism became the main topic of spam emails in Q1.
During this quarter fraudsters tried to lure users into opening malicious files, gaining their attention with emails about terrorism, a subject which is always in the news. To prevent terrorist attacks many countries have strengthened their security measures and this has therefore become a popular topic for spam emails.
Some spam fraudsters tried to convince recipients that the file attached to their spam email contained a new mobile application, which, after installation, could detect an explosive terrorist device. The email emphasized that the US Department of Defense had discovered this technology and that it was sufficiently simple and accessible. The attachment usually contained an executive file, which was detected as Trojan-Dropper.Win32.Dapato, malware that can steal personal user information, organize DDoS-attacks and install other malicious software.
Well-known Nigerian spammers also used terrorist topics in their emails. According to the Kaspersky Lab report, the quantity of these emails has increased considerably. These spammers previously preferred to send long emails with a detailed story, and links to news to make it more convincing. However, they are now sending short messages with no detail, asking the recipients to get in touch.
“Unfortunately we are seeing our previous predictions about the criminalization of spam coming true. Fraudsters are using diverse methods to attract user attention, and to make them drop their guard. Spammers are employing a diversity of languages, social engineering methods, different types of malicious attachments, as well as the partial personalization of email text to look more convincing. The fake messages often imitate notifications from well-known organizations and services. This is raising spam to a new dangerous level.” - warns Daria Gudkova, Spam Analysis Expert, Kaspersky Lab.
To learn more about spam and phishing operations in Q1 2016, please read blog post at securelist.com.