
Email threats 2017: Users encounter threats through email twice as often as other infection vectors


Email Threats 2017 casts a light on a threat landscape where attackers are actively spreading malicious threats, BEC scams, and a variety of spam through email.

Published in: Technology


  1. Email Threats 2017
  2. Key findings
     • An email user is almost twice as likely to encounter malware through email than they are through the next-most common infection method, exploit kits.
     • One out of every nine email users encountered email malware in the first half of 2017.
     • Approximately 8,000 businesses each month are targeted by BEC scams.
     • A targeted organization has 5.2 BEC emails sent to them in a given month.
     • The spam rate for the first half of 2017 reached 54 percent, and is expected to continue to climb as the year progresses.
     • Without spam filters, a business effectively employs two people to manage spam for every 100 employees.
     Copyright © 2017 Symantec Corporation
  3. Email malware
     • More than 11% of users in the first half of 2017 had a malicious email sent to them. (One in nine users.)
     • However, if the user works in the Mining or Wholesale Trade industries, they are more than twice as likely to be sent malicious emails.
     [Chart: Email users targeted by malware per month, January to June. Data labels in order: 12, 10, 11, 9, 7, 7. Axis: 1 in 6 to 1 in 14.]
  4. Email malware
     • The subjects and message bodies in emails attempt to socially engineer the user.
     • Top email themes:
         1. Billing or invoices: 9.2%
         2. Package delivery: 9.1%
         3. Scanned documents: 8.4%
     • The vast majority of malicious emails contained attachments (74 percent).
     • More than half of these attachments were scripts or Office files with macros, designed to download their payload once the attachment is run.
  5. Email malware
     • Since January 2017, the number of emails that contain malicious URLs has begun growing again.
     • One in six malicious emails now contain a malicious URL rather than an attachment.
     • Highest rate seen since November 2014. (A once-off event.)
     [Chart: URL malware rate, January to June. Data labels in order: 9.5%, 7.2%, 5.2%, 9.8%, 17.6%, 16.8%. Axis: 0% to 20%.]
  6. Spambots
     • The Necurs botnet was responsible for the largest amount of malicious activity.
         • This is despite being offline for the first quarter of 2017.
         • Reasons for 3-month inactivity unknown
     • BlankSlate was second-most active.
         • A spam campaign group known for sending blank emails.
         • Payloads included Cerber, Locky, BTCware
     [Chart: Necurs botnet activity]
  7. Spambots
     • Latest Waledac (a.k.a. Kelihos) takedown resulted in a significant drop in the botnet’s activity.
         • Alleged owner arrested in April.
     • Other spambots of note:
         • Fioesrat
         • Silentbrute
         • Pandex
         • Oliner
         • Emotet
     [Chart: Waledac botnet activity]
  8. BEC scams
     • Approximately 8,000 businesses each month are targeted by BEC scams.
     • A targeted organization is sent 5 BEC emails in a given month.
     [Chart: BEC emails per organization, January to June. Data labels in order: 4.3, 6.8, 4.5, 5.1, 5.9, 4.6. Axis: 0 to 8.]
  9. BEC scams
     • Over US$5 billion in losses to BEC scams between late 2013 and the end of 2016.
     • Subject lines carry a sense of urgency, requiring immediate action.
         • Attempting to coerce the recipient to act quickly
     • Scammers often utilize typosquatted email domains.
         • E.g. amce_inc.com instead of the legitimate acme_inc.com
     • The goal of most BEC scams is financial, though some target sensitive data such as tax information or other sensitive data or files.
  10. Spam
     • Between 2011 and 2015 the spam rate has been declining.
     • The annual spam rate leveled off at 53 percent for 2015 and 2016.
     • Looking at half-yearly rates, spam rate appears to be climbing back up.
     • First half of 2017 had a spam rate of 54 percent.
     • Second half of the year appears to continue this trend.
     [Chart: Spam rate by half year, 2015 H1 to 2017 H2 (est). Axis: 51.0% to 55.5%.]
  11. Spam
     • Increase equates to 11 more spam emails in your inbox each month.
     • Necurs observed sending pump-and-dump spam.
     • Gamut botnet seen hawking pharmaceuticals and diet pills.
     • Other campaigns enticing recipients into becoming money mules.
     • Tofsee botnet responsible for dating spam.
     • Without spam filters, a business effectively employs two people to manage spam for every 100 employees.
  12. User email behavior
     • 29 percent of all emails within an organization are widely shared.
     • Almost two-thirds of these broadly shared emails contain sensitive data.
     • One out of every nine broadly shared emails that contains sensitive data isn’t encrypted.
     [Chart: Broadly shared emails with sensitive information. Data labels: 64%, 27%, 9%. Legend: Personally Identifiable Information (PII), Payment Card Information (PCI), Protected Healthcare Information (PHI).]
  13. Thank you
     • https://www.symantec.com/security-center
     • Twitter: @threatintel
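
The typosquatting point on the BEC scams slide (amce_inc.com in place of acme_inc.com) can be checked mechanically on inbound mail. The Python below is an added example, not part of the Symantec slides: it flags sender domains within a small edit distance of a trusted domain, counting a swap of two adjacent letters as one edit. The `TRUSTED_DOMAINS` list, the function names, the distance threshold and the sample headers are assumptions constructed here.

```python
from email.utils import parseaddr

# Assumption: the organisation keeps its own list of trusted domains.
# acme_inc.com is the legitimate domain named on the slide.
TRUSTED_DOMAINS = {"acme_inc.com"}


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute and
    adjacent-character transposition each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Transposition: "mc" vs "cm" is one edit, not two.
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def classify_sender(from_header: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a From header."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "unknown"
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for legit in sorted(TRUSTED_DOMAINS):
        if osa_distance(domain, legit) <= max_distance:
            return f"lookalike:{legit}"
    return "unknown"


# Constructed sample From headers (not real traffic).
SAMPLE_FROM_HEADERS = [
    '"A. Payable" <ap@acme_inc.com>',
    '"CEO" <ceo@amce_inc.com>',
    "newsletter@example.org",
]

if __name__ == "__main__":
    for header in SAMPLE_FROM_HEADERS:
        print(f"{classify_sender(header):24} {header}")
```

A lookalike verdict is a triage signal for quarantine or a warning banner; the threshold needs tuning against short domains, where two edits can match unrelated names.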
