SlideShare a Scribd company logo

Spam Morphs from a Nuisance to a Threat

Osterman Research, Inc.
Osterman Research, Inc.

The document summarizes how spam has evolved from a nuisance to a serious threat. While spam volumes are lower than in the past, representing 75% of email rather than 90%, the threat from spam is now greater due to spammers focusing on stealing information rather than selling products, using more sophisticated phishing techniques, and delivering more damaging payloads and links. The key threats are data theft from malware infiltrating corporate networks, hijacking of systems, and launching additional attacks. Decision makers should view spam as a serious threat despite lower volumes.

TechnologyNews & Politics
1 of 12
Download to read offline
WHITE PAPER Spam Morphs From a Nuisance to a Threat ON An Osterman Research White Paper Published December 2011 SPONSORED BY sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 • Black Diamond, Washington • 98010-1058 • USA Tel: +1 253 630 5839 • Fax: +1 253 458 0934 • info@ostermanresearch.com www.ostermanresearch.com • twitter.com/mosterman
Spam Morphs from a Nuisance to a Threat Executive Summary Spam volumes are substantially lower today than they were last year: as of late 2011, spam accounts for roughly 75% of the email that traverses the Internet compared to about 90% in 2010. The result is billions fewer spam messages being received by end users every month, leading some to believe that the spam problem is now less serious than it has been for many years. However, while spam volumes are lower than they have been in many years, the threat that companies face from spam is actually much greater than it was when spam volumes were “I don’t fear the much higher. This is because a) the primary spam threat is no man who wants longer about selling products but stealing information, b) twenty nuclear spammers are getting smarter and more effective by improving the ability of their phishing and spearphishing attacks to weapons, I fear penetrate corporate security systems, and c) the payloads and the man who links that spam delivers are more damaging. wants one”. In short, the spam problem can be summarized by the quote in George Clooney the callout: the problem is not one of the sheer volume of the The Peacemaker threats, but of their effectiveness and intent. KEY TAKEAWAYS There are four key points made in this white paper: • During the past 12 months, 37% of mid-sized and large organizations in North America have had malware successfully infiltrate their corporate network through email. Many of these attacks have been quite serious, resulting in the loss of millions of dollars, as well as loss of sensitive financial data and intellectual property. • The disappearance of the network perimeter that has been enabled by the consumerization of IT has created more endpoints for incursion of spam and malware. This, coupled with increasingly sophisticated and target phishing attempts, means that the problem of malicious spam infiltration will become worse. • As a corollary to the point above, the increasing sophistication of phishers’ targeting of senders is heralding a new era in these criminals’ ability to focus their attacks, with a corresponding decrease in these individuals’ ability to identify phishing attempts. • Decision makers should view spam as a very serious threat and not minimize the severity of the threat it poses because spam volumes are decreasing. ABOUT THIS WHITE PAPER This white paper is focused on helping decision makers to understand that the problem with spam is more serious today than it was when spam volumes were higher. It also offers a brief overview on the sponsor of this white paper, Abaca, and its anti-spam capabilities. ©2011 Osterman Research, Inc. 1
Spam Morphs from a Nuisance to a Threat Some Background on Spam THE PROBLEM OF MALICIOUS EMAIL Spam is a problem – it wastes bandwidth, storage, and employee time, not to mention the cost of deploying systems to deal with processing and deleting spam from corporate networks. However, the dramatically more sinister side of the spam problem is malicious email – messages that are sent with the specific intent of stealing content like banking credentials, usernames and passwords for corporate applications, Social Security numbers, credit card numbers and other sensitive information. The goal of those who send malicious email is simple: a) steal money, b) steal data or c) cause serious disruption to networks or critical systems. MALICIOUS EMAIL IS DANGEROUS AND EXPENSIVE The security risks from spam are quite real and they are no longer just a nuisance as in years past. The growing variety of keystroke loggers, password-stealing Trojans and other threats means that corporate data is increasingly at risk. Data theft can include sensitive content like usernames and passwords, but also financial data, customer data, trade secrets and other types of confidential information. The increasing end goals of stealing information (personal and corporate), hijacking systems for a wide range of purposes and launching additional malicious attacks all have serious business implications, in addition to the more traditional impacts to bandwidth, infrastructure and other costs. For example, there have been a number of serious spam-based incursions during the past year: • In September 2011, Mitsubishi Heavy Industries was the victim of a spearphishing attack that ended up compromising 83 different systems in 10 locations across the companyi. • In June 2011, the International Monetary Fund (IMF) was the victim of a spearphishing attack that may have been perpetrated by a rogue state. Although employees were warned not to open attachments they were not expecting, open email from unknown senders or click on video links, malware in an email successfully penetrated IMF defenses and information was stolen from compromised computersii. • In April 2011, hackers sent phishing emails to a number of lower level employees at RSA. These emails contained the subject line “2011 Recruitment Plan” and included an Excel spreadsheet as an attachment that contained a zero-day flaw in Adobe Flash. Although the emails were successfully diverted to these users’ spam quarantines, the emails were opened and a Trojan was installed that successfully harvested credentials from a large number of employee accounts, compromising RSA’s SecurID tagsiii. As of late 2011, 760 organizations have been attacked using the same command and control, including IBM, Google, Microsoft and about one-fifth of the Fortune 500iv. • On April 7, 2011, a spearphishing attack directed at the Oak Ridge National Laboratory was able to steal a few megabytes of data before IT administrators cut off Internet access. The email sent to employees was purportedly from the lab’s HR department and was received by 530 employees, 57 of whom clicked on a malicious link contained in the emailv. • In November 2010, a 26-year-old Hungarian citizen, in a bizarre attempt to be hired by Marriott International, sent an infected email attachment to various Marriott employees that ©2011 Osterman Research, Inc. 2
Spam Morphs from a Nuisance to a Threat allowed him to steal sensitive information from the company. Marriott estimates that the cost of analyzing the extent of the compromise of its network cost it between $400,000 and $1 millionvi. • In November 2010, employees at France’s Ministry of Economics, Finances, and Industry received spearphishing emails that contained a Trojan. A minimum of 150 computers were compromised and sensitive documents related to the G-20 were stolenvii. It is also important to note that information stolen as a result of phishing attacks can be used to generate new phishing attacks, exacerbating the problem. For example, data hijacked in the Epsilon breach earlier in 2011 is now being used to target customers of Chase Bank. SPAMMER TECHNIQUES Spammers use a variety of techniques to deliver their content: • Botnets Spammers use botnets that consist of millions of ‘zombie’ computers – computers in homes and the workplace that are infected with a virus, worm or Trojan that permits them to be controlled by a remote entity. Spammers can rent botnets for content-distribution campaigns. Using botnets, a small number of messages can be sent from each of thousands of computers, effectively hiding each zombie from detection by ISPs or network administrators using conventional tools. Botnets are a critical problem not only because they are responsible for the vast majority of spam sent across the Internet today, but also because they are used for a wide range of purposes beyond just spam delivery. These include hosting malware sites, perpetrating distributed denial-of-service attacks, click fraud and credit card fraud. Botnets can be hard to detect and hard to remove. • Spam filter-avoidance techniques The simpler of these techniques involves text obfuscation, such as misspelling keywords; Bayesian poisoning (the process of including specific keywords into spam messages in an attempt to trick Bayesian filters into thinking a message is legitimate); introducing valid text into spam messages; using various HTML techniques to fool filters into not recognizing offensive content; and other techniques. These techniques typically can bypass many traditional content-filters, and those using a Bayesian approach. • Spam with attachments Similar to image spam, but using PDF files, spreadsheets or ZIP files as payloads to carry the spam content, often malware. One technique is to send calendar invitations as malicious email attachments. • Image-based spam Image-based spam is represented as one or more images that typically use non-standard fonts, background ‘snow’, randomized backgrounds, slanted lines of text, blurriness and other distortions to defeat more conventional spam-filtering technologies, as shown in the example at right. Image spam is a particularly serious problem for mail servers and recipients, since each message is typically much larger than a conventional, text-based spam message. Image spam, while still used by spammers, is less of a problem today than it was in 2007. ©2011 Osterman Research, Inc. 3
Spam Morphs from a Nuisance to a Threat • Alternative spam languages Spammers will often target their content to users who speak specific languages. There is a growing trend for more localized distribution with diversified languages. For example, in early 2010 96% of spam was in English – as of early 2011 it was 90%viii. “DECENT” SPAM CAPTURE RATES ARE NOT ENOUGH A spam filtering solution that catches the “vast majority” of spam simply isn’t acceptable in an era of spamming that is specifically targeted to employees using social engineering and other techniques. For example, a 98% capture rate – while seemingly acceptable – will increase the chance of infection by 200 times compared to a solution that captures 99.99% of spam. Spams Received Daily per 1,000 Employees Assuming 100 Emails Received per Employee per Day Likelihood of Potentially Infection Malicious Spam Compared to Capture Rate Emails Received 99.99% 95.0% 5,000 500x 98.0% 2,000 200x 99.0% 1,000 100x 99.5% 500 50x 99.9% 100 10x 99.99% 10 - Spam Isn’t an Issue Anymore…Right? A BIT OF GOOD NEWS: SPAM VOLUMES ARE DECLINING Spam volumes dropped significantly in late 2010, followed by a rapid increase in the volume of spam partway through March 2011. However, since the seemingly permanent takedown of the Rustock botnet in March 2011, spam volumes are now at significantly lower average levels than they have been for many years. The elimination of the Rustock botnet was significant, since it was the largest of the many botnets in operation with anywhere from 1.1 million to 1.7 million compromised computers in operationix. As evidence of the decreasing proportion of spam traversing the Internet relative to valid email are Symantec.cloud statistics that show spam decreasing from 92% in August 2010 to 79% in January 2011 to 74% in October 2011x. LOTS OF BAD NEWS: SPAM IS MORE SERIOUS THAN EVER In a recent Osterman Research surveyxi of mid-sized and large organizations in North America, three out of four respondents have experienced some form of security compromise during the past 12 months, with malware ingress through email a predominant avenue for these incursions. Moreover, 34% of the IT decision makers surveyed are concerned or seriously concerned about the amount of spam their organization receives, while 26% are this concerned about the number of false positives they get in their current anti-spam filtering systems. ©2011 Osterman Research, Inc. 4
Spam Morphs from a Nuisance to a Threat Security Incidents That Have Occurred During the Previous 12 Months NETWORKS ARE ALREADY COMPROMISED In an Osterman Research survey conducted during January 2011, decision makers and influencers demonstrated that they were relatively pessimistic about the future of spam and malware problems as they entered 2011, as shown in the following figure. ©2011 Osterman Research, Inc. 5
Spam Morphs from a Nuisance to a Threat Predictions About Global Spam and Malware Problems in 2011 Decision makers were right to be pessimistic. Despite the decreases in spam volumes, there has been relatively little good news in the context of threats directed against messaging and Web users. Further, while many decision makers are taking messaging and Web security threats quite seriously, a soft economy coupled with threats that are rapidly increasing in sophistication and severity, means that many organizations are not keeping pace with the threats they face. A Zero Tolerance Approach to Malicious Mail SPAM VOLUMES ARE NOT THE FUNDAMENTAL ISSUE Somewhat predictably, many members of the press, analyst and IT community have assumed that the significant decrease in the amount of spam over the past several months indicates that the spam problem is much less serious than it was when volumes were much higher. However, because the decrease in spam volumes has been accompanied by more serious threats delivered through spam, the spam problem is actually more critical now that volumes are lower. YOU ARE A TARGET FOR THE BAD GUYS Moreover, there are a variety of less catastrophic problems caused by spam, but these issues are serious nonetheless: ©2011 Osterman Research, Inc. 6
Spam Morphs from a Nuisance to a Threat • Data breaches A breach of customer or consumer data caused by a successful phishing attempt can lead to a number of serious consequences. Because there are data breach notification laws in 46 of the 50 US states, one Canadian province, and in many nations around the world, organizations that lose this data are liable not only for the direct costs of notifying victims, but they may also be liable in legal actions, they may have to pay for credit reporting services, and they will almost certainly suffer a loss of reputation and brand damage. • Advanced persistent threats An advanced persistent threat (APT) is serious in that it represents a protracted attack against a company, government or some other entity by one or more hackers. The seriousness of APTs is underscored by the fact that these threats are generally directed by humans that are intent on penetrating corporate or other defenses, not simply automated threats that are looking for targets of opportunity. Consequently, those directing APTs will change tactics as they encounter resistance to attacks among their targets, such as the deployment of new defense mechanisms. One example of an APT is a distributed denial-of-service (DDoS) attack aimed at mining interests in China, the United States, Singapore and Hong Kongxii. This attack, which began in September 2009, uses a specialized piece of malware identified as JKDDOSxiii for which more than 50 variants have been identified. This malware can be distributed in a variety of ways and, with sizes as small as 17Kb, can easily be distributed via email. • Increased storage requirements As more malicious content comes into a network, more of this content must be stored for review in quarantines and archives. Given that this content is normally preserved for at least 30 days in order to give employees time to review it for false positives, increases in malicious content entering a network inevitably lead to increased storage requirements. Further, storage spikes add significant volatility to storage needs, making it difficult to plan storage capacity accurately. What Should You Do Next? Osterman Research recommends that organizations of any size undertake a four-step program to address their issues with spam: 1. First and foremost, understand that you still have a spam problem Even though absolute spam volumes are decreasing, the threats from spam entering your network are becoming more severe and stealthier over time. One way to think about this is from the perspective of physical security: if you formerly had 100 people using brute force in an attempt to break into your home and today you have only 50 people doing so, but with more sophisticated tools, your problem is actually getting worse, not better. 2. Understand the nature of the threats While spam used to be a nuisance – albeit an expensive one – today it is a major threat vector that can result in the loss of hundreds of thousands or millions of dollars in funds. The problem is becoming more serious not only because of the consequences of a ©2011 Osterman Research, Inc. 7
Spam Morphs from a Nuisance to a Threat successful incursion into your network, but because there are more endpoints through which criminals can gain access to your data, funds and intellectual property. 3. Train your users, but protect them from themselves Users are clearly the first line of defense in any security scheme. They must be trained about the appropriate way to handle emails from unknown sources, why they should not click on links contained in email, what to do with attachments in email, and so forth. Training programs should be thorough and updated with sufficient frequency to address new threats as they arise. It is important to note that while users are a useful step in preventing the infiltration of malicious content by carefully evaluating the content they receive, even the most careful and experienced user can still be fooled by social engineering and other spammer techniques. 4. Finally, deploy very robust anti-spam technology No amount of training or user awareness will protect an organization from the onslaught of threats they face from spam. As a result, every organization should deploy capabilities that will capture the highest possible proportion of spam entering their network with as low a false positive ratio as possible. For example, as shown in the previous table, increasing the spam capture rate from 95% to 99% will reduce the potential for malicious email infiltration by 80%. It is important to evaluate spam-filtering vendors based on their ability to capture very high rates of malicious content. However, it is also important to focus on high-performance spam filtering capabilities that will enable the processing of large amounts of spam, such as during spikes in spam activity, as well as energy efficiency to minimize power requirements for the overall security infrastructure. Moreover, consider layered email filtering using a combination of cloud- based and on-premise solutions that will make deployment easier and minimize the risks from malicious email. Summary Somewhat ironically, spam volumes are decreasing while the threat from spam is increasing. Where spam used to be a nuisance, today it represents an enormous threat vector because it carries malware and links to malware-laden sites. Just one user clicking on one link in one spam message can set in motion a massive data breach, the loss of funds or the loss of intellectual property. Consequently, organizations should pursue best practices with regard to training users about how to manage email, but they should also deploy highly effective anti- spam technologies that will block as much spam as possible from reaching end users. ©2011 Osterman Research, Inc. 8
Spam Morphs from a Nuisance to a Threat About Abaca Abaca, founded in 2005 by Steve Kirsch, a respected Silicon Valley entrepreneur and philanthropist, is a privately held company headquartered in San Jose, California. Abaca is an innovator in email protection and messaging security. The company’s next generation technology, ReceiverNet®, offers a revolutionary approach in the fight against spam – providing an unprecedented level of performance and guaranteeing a minimum of 99% accuracy. Abaca has created a portfolio of advanced products and services based upon this core technology, thereby assuring users unparalleled messaging protection from spam, virus and phishing attacks. HOW IT WORKS Unlike conventional email filters that narrowly focus on detecting spam-like content or known senders of spam, Abaca takes a multi-dimensional approach. It works in real-time to analyze a number of factors to create an extremely accurate probability model of whether or not a message is spam. Because it does not rely on content inspection, the Abaca solution is completely language independent and immune to many of the most sophisticated tricks that spammers use to mask commercial or malicious content. Key to the revolutionary Abaca Solution is a multi-layered approach that combines several techniques to deliver unparalleled effectiveness: • Deep Envelope Inspection There is more to an email header than meets the eye. A deep analysis of the header reveals critical information such as how it got to the receiver—e.g., did it come directly from your bank or was it in the hands of someone bad in the middle. Experience gained from processing billions of messages a month has enabled Abaca to develop automated forensics that look for telltale signs of forged headers and obfuscated sender addresses—all in real time. This automated intelligence validates the envelope and detects who sent it and who handled it in between. • Receiver Reputation Although the ingenuity of spammers is unlimited, Abaca has developed a revolutionary technology that relies on the fact that they will always need someone to receive their mail. The patented Abaca ReceiverNet™ Protection Network rates individual receivers based on a number of factors, including how much spam they attract. By applying this reputation rating to approximately 50 other variables—including information gleaned from deep envelop inspection—Abaca achieves a 99.997 percent catch rate as verified in independent tests. • Instant Intelligence Because the ReceiverNet network is based in the cloud, information on a large number of receivers can be leveraged to more accurately establish the reputation of the individual receivers. It all works automatically without the need for administrators to manually update lists of bad senders, the latest malware, or other email-borne threats. The cloud-based system also uses this large pool of data to learn, so that unlike conventional solutions that degrade over time, it becomes more accurate with each email. It also remembers feedback from individual users to learn what email they want to receive. ©2011 Osterman Research, Inc. 9
Spam Morphs from a Nuisance to a Threat • Deterministic Algorithm When an email arrives at the Abaca filter—whether in the cloud, a private cloud, or installed in front of a corporate email server or at an ISP—a small portion of the critical header message is stripped and sent to the ReceiverNet network. The advanced ReceiverNet algorithm instantly computes the odds that the message is spam by a using mathematical analysis that combines receiver reputation with other variables. Depending on whether the customer has deployed Abaca Cloud as a filter or prefilter, the message is then either blocked or marked as probably spam for the local filter to make a determination. ABACA’S CUSTOMERS Abaca’s customer base represents leading businesses and Abaca’s organizations from all industries, including: banking/finance, technology is education, energy, healthcare / pharmaceuticals, manufacturing, technology, and telecommunications. Abaca’s used to protect customer base also includes a growing list of regional and Yahoo! custom- international Internet service providers. ers’ 250 million mailboxes and Abaca’s technology is used to protect Yahoo! customers’ 250 million mailboxes and blocks more than 80,000 emails per blocks more than second. 80,000 emails per second. Abaca is 100% focused on customer success with customer success the cornerstone of the business. The company assesses its own corporate success by that of its customers. For more information on Abaca customers, read the company’s customer testimonials and selected success stories at www.abaca.com. ©2011 Osterman Research, Inc. 10
Spam Morphs from a Nuisance to a Threat © 2011 Osterman Research, Inc. All rights reserved. No part of this document may be reproduced in any form by any means, nor may it be distributed without the permission of Osterman Research, Inc., nor may it be resold or distributed by any entity other than Osterman Research, Inc., without prior written authorization of Osterman Research, Inc. Osterman Research, Inc. does not provide legal advice. Nothing in this document constitutes legal advice, nor shall this document or any software product or other offering referenced herein serve as a substitute for the reader’s compliance with any laws (including but not limited to any act, statue, regulation, rule, directive, administrative order, executive order, etc. (collectively, “Laws”)) referenced in this document. If necessary, the reader should consult with competent legal counsel regarding any Laws referenced herein. Osterman Research, Inc. makes no representation or warranty regarding the completeness or accuracy of the information contained in this document. THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED REPRESENTATIONS, CONDITIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE DETERMINED TO BE ILLEGAL. i http://www.eweek.com/c/a/Security/Mitsubishi-Heavy-Network-Most-Likey-Compromised-by-SpearPhishing-Attack-335314/ ii http://www.eweek.com/c/a/Security/IMF-Breach-May-Be-StateSponsored-Spear-Phishing-Attack-526401/ iii http://www.pcmag.com/article2/0,2817,2382970,00.asp#fbid=uW9bd7GksLR iv http://money.cnn.com/2011/10/27/technology/rsa_hack_widespread/index.htm v http://www.wired.com/threatlevel/2011/04/oak-ridge-lab-hack/ vi http://www.courthousenews.com/2011/11/29/41751.htm vii http://arstechnica.com/security/news/2011/03/hackers-spear-phish-infiltrate-french-ministry-of-finances.ars viii http://royal.pingdom.com/2011/01/19/email-spam-statistics/ ix Ibid x http://www.symanteccloud.com/globalthreats/charts/spam_monthly xi Messaging and Web Security Market Trends, 2011-2014, Osterman Research, Inc. xii http://news.hostexploit.com/cyber-security-news/4827-understanding-advanced-persistent-threats.html xiii http://ddos.arbornetworks.com/2011/03/jkddos-ddos-bot-with-an-interest-in-the-mining-industry/ ©2011 Osterman Research, Inc. 11

Recommended

Stalking2
Stalking2Stalking2
Stalking2
Rahul Gupta
 
Anti-Spam Topical White Paper from Finjan
Anti-Spam Topical White Paper from FinjanAnti-Spam Topical White Paper from Finjan
Anti-Spam Topical White Paper from Finjan
Elliott Lowe
 
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Jason Hong
 
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Jason Hong
 
Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009
Kim Jensen
 
Digital Blackmail as an Emerging Tactic
Digital Blackmail as an Emerging TacticDigital Blackmail as an Emerging Tactic
Digital Blackmail as an Emerging Tactic
Christopher Porter
 
Spam and Phishing Report - Marzo 2010
Spam and Phishing Report - Marzo 2010Spam and Phishing Report - Marzo 2010
Spam and Phishing Report - Marzo 2010
Symantec Italia
 
Cybercrime
CybercrimeCybercrime
Cybercrime
Keller Williams Lynchburg
 

Recommended

Stalking2
Stalking2Stalking2
Stalking2
Rahul Gupta
 
Anti-Spam Topical White Paper from Finjan
Anti-Spam Topical White Paper from FinjanAnti-Spam Topical White Paper from Finjan
Anti-Spam Topical White Paper from Finjan
Elliott Lowe
 
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Jason Hong
 
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Jason Hong
 
Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009
Kim Jensen
 
Digital Blackmail as an Emerging Tactic
Digital Blackmail as an Emerging TacticDigital Blackmail as an Emerging Tactic
Digital Blackmail as an Emerging Tactic
Christopher Porter
 
Spam and Phishing Report - Marzo 2010
Spam and Phishing Report - Marzo 2010Spam and Phishing Report - Marzo 2010
Spam and Phishing Report - Marzo 2010
Symantec Italia
 
Cybercrime
CybercrimeCybercrime
Cybercrime
Keller Williams Lynchburg
 
Cybercrime
CybercrimeCybercrime
Cybercrime
Vinil Patel
 
Cyber Spamming & its Types
Cyber Spamming & its TypesCyber Spamming & its Types
Cyber Spamming & its Types
hirakhalid2394
 
Spam Report Gennaio 2010
Spam Report Gennaio 2010Spam Report Gennaio 2010
Spam Report Gennaio 2010
Symantec Italia
 
Information-Security-Lecture-6.pptx
Information-Security-Lecture-6.pptxInformation-Security-Lecture-6.pptx
Information-Security-Lecture-6.pptx
anbersattar
 
Messaging and Web Security
Messaging and Web SecurityMessaging and Web Security
Messaging and Web Security
GFI Software
 
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...
IJNSA Journal
 
Spamming as cyber crime
Spamming as cyber crimeSpamming as cyber crime
Spamming as cyber crime
gagan deep
 
2010q1 Threats Report
2010q1 Threats Report2010q1 Threats Report
2010q1 Threats Report
McafeeCareers
 
ODMOB Ransomware newsletter final
ODMOB Ransomware newsletter finalODMOB Ransomware newsletter final
ODMOB Ransomware newsletter final
DOTS Talent Solutions
 
Introduction to cybercrime
Introduction to cybercrime Introduction to cybercrime
Introduction to cybercrime
Anjana Ks
 
Mobile security hakin9_Revista
Mobile security hakin9_RevistaMobile security hakin9_Revista
Mobile security hakin9_Revista
the_ro0t
 
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
Symantec
 
Modern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panelModern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panel
Ramsés Gallego
 
Social Engineering CSO Survival Guide
Social Engineering CSO Survival GuideSocial Engineering CSO Survival Guide
Social Engineering CSO Survival Guide
E.S.G. JR. Consulting, Inc.
 
SEO2India - Cyber crime
SEO2India - Cyber crimeSEO2India - Cyber crime
SEO2India - Cyber crime
SEO2India - Devang Barot - SEO2India
 
kmd_hst_201312
kmd_hst_201312kmd_hst_201312
kmd_hst_201312
Samuel Boyle
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
24sneha
 
Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19
Symantec
 
Increasing Vulnerability of the user Data at Cyberspace
Increasing Vulnerability of the user Data at CyberspaceIncreasing Vulnerability of the user Data at Cyberspace
Increasing Vulnerability of the user Data at Cyberspace
ijtsrd
 
Email Security Threats: IT Manager's Eyes Only
Email Security Threats: IT Manager's Eyes Only Email Security Threats: IT Manager's Eyes Only
Email Security Threats: IT Manager's Eyes Only
Topsec Technology
 
Cybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteCybercrime - An essential guide from Thawte
Cybercrime - An essential guide from Thawte
RapidSSLOnline.com
 
Compilation of phishing and keylogger attacks
Compilation of phishing and keylogger attacksCompilation of phishing and keylogger attacks
Compilation of phishing and keylogger attacks
ArrayShield Technologies Private Limited
 

More Related Content

What's hot

Cybercrime
CybercrimeCybercrime
Cybercrime
Vinil Patel
 
Cyber Spamming & its Types
Cyber Spamming & its TypesCyber Spamming & its Types
Cyber Spamming & its Types
hirakhalid2394
 
Spam Report Gennaio 2010
Spam Report Gennaio 2010Spam Report Gennaio 2010
Spam Report Gennaio 2010
Symantec Italia
 
Information-Security-Lecture-6.pptx
Information-Security-Lecture-6.pptxInformation-Security-Lecture-6.pptx
Information-Security-Lecture-6.pptx
anbersattar
 
Messaging and Web Security
Messaging and Web SecurityMessaging and Web Security
Messaging and Web Security
GFI Software
 
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...
IJNSA Journal
 
Spamming as cyber crime
Spamming as cyber crimeSpamming as cyber crime
Spamming as cyber crime
gagan deep
 
2010q1 Threats Report
2010q1 Threats Report2010q1 Threats Report
2010q1 Threats Report
McafeeCareers
 
ODMOB Ransomware newsletter final
ODMOB Ransomware newsletter finalODMOB Ransomware newsletter final
ODMOB Ransomware newsletter final
DOTS Talent Solutions
 
Introduction to cybercrime
Introduction to cybercrime Introduction to cybercrime
Introduction to cybercrime
Anjana Ks
 
Mobile security hakin9_Revista
Mobile security hakin9_RevistaMobile security hakin9_Revista
Mobile security hakin9_Revista
the_ro0t
 
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
Symantec
 
Modern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panelModern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panel
Ramsés Gallego
 
Social Engineering CSO Survival Guide
Social Engineering CSO Survival GuideSocial Engineering CSO Survival Guide
Social Engineering CSO Survival Guide
E.S.G. JR. Consulting, Inc.
 
SEO2India - Cyber crime
SEO2India - Cyber crimeSEO2India - Cyber crime
SEO2India - Cyber crime
SEO2India - Devang Barot - SEO2India
 
kmd_hst_201312
kmd_hst_201312kmd_hst_201312
kmd_hst_201312
Samuel Boyle
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
24sneha
 
Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19
Symantec
 
Increasing Vulnerability of the user Data at Cyberspace
Increasing Vulnerability of the user Data at CyberspaceIncreasing Vulnerability of the user Data at Cyberspace
Increasing Vulnerability of the user Data at Cyberspace
ijtsrd
 
Email Security Threats: IT Manager's Eyes Only
Email Security Threats: IT Manager's Eyes Only Email Security Threats: IT Manager's Eyes Only
Email Security Threats: IT Manager's Eyes Only
Topsec Technology
 

What's hot (20)

Cybercrime
CybercrimeCybercrime
Cybercrime
 
Cyber Spamming & its Types
Cyber Spamming & its TypesCyber Spamming & its Types
Cyber Spamming & its Types
 
Spam Report Gennaio 2010
Spam Report Gennaio 2010Spam Report Gennaio 2010
Spam Report Gennaio 2010
 
Information-Security-Lecture-6.pptx
Information-Security-Lecture-6.pptxInformation-Security-Lecture-6.pptx
Information-Security-Lecture-6.pptx
 
Messaging and Web Security
Messaging and Web SecurityMessaging and Web Security
Messaging and Web Security
 
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...
EXPLORING HISTORICAL AND EMERGING PHISHING TECHNIQUES AND MITIGATING THE ASSO...
 
Spamming as cyber crime
Spamming as cyber crimeSpamming as cyber crime
Spamming as cyber crime
 
2010q1 Threats Report
2010q1 Threats Report2010q1 Threats Report
2010q1 Threats Report
 
ODMOB Ransomware newsletter final
ODMOB Ransomware newsletter finalODMOB Ransomware newsletter final
ODMOB Ransomware newsletter final
 
Introduction to cybercrime
Introduction to cybercrime Introduction to cybercrime
Introduction to cybercrime
 
Mobile security hakin9_Revista
Mobile security hakin9_RevistaMobile security hakin9_Revista
Mobile security hakin9_Revista
 
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
RSA 2013 Session: Mobile Security Smackdown: How Government “Pwned” The Priva...
 
Modern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panelModern cyber threats_and_how_to_combat_them_panel
Modern cyber threats_and_how_to_combat_them_panel
 
Social Engineering CSO Survival Guide
Social Engineering CSO Survival GuideSocial Engineering CSO Survival Guide
Social Engineering CSO Survival Guide
 
SEO2India - Cyber crime
SEO2India - Cyber crimeSEO2India - Cyber crime
SEO2India - Cyber crime
 
kmd_hst_201312
kmd_hst_201312kmd_hst_201312
kmd_hst_201312
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19Symantec Internet Security Threat Report 2014 - Volume 19
Symantec Internet Security Threat Report 2014 - Volume 19
 
Increasing Vulnerability of the user Data at Cyberspace
Increasing Vulnerability of the user Data at CyberspaceIncreasing Vulnerability of the user Data at Cyberspace
Increasing Vulnerability of the user Data at Cyberspace
 
Email Security Threats: IT Manager's Eyes Only
Email Security Threats: IT Manager's Eyes Only Email Security Threats: IT Manager's Eyes Only
Email Security Threats: IT Manager's Eyes Only
 

Similar to Spam Morphs from a Nuisance to a Threat

Cybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteCybercrime - An essential guide from Thawte
Cybercrime - An essential guide from Thawte
RapidSSLOnline.com
 
Compilation of phishing and keylogger attacks
Compilation of phishing and keylogger attacksCompilation of phishing and keylogger attacks
Compilation of phishing and keylogger attacks
ArrayShield Technologies Private Limited
 
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
Roger Hagedorn
 
How and Why to Make Email Everyone's Business
How and Why to Make Email Everyone's BusinessHow and Why to Make Email Everyone's Business
How and Why to Make Email Everyone's Business
Sendio
 
negative implications of IT
negative implications of ITnegative implications of IT
negative implications of IT
MahdiRahmani15
 
Copy of policing the internet_040555.pptx
Copy of policing the internet_040555.pptxCopy of policing the internet_040555.pptx
Copy of policing the internet_040555.pptx
MdRuga
 
Ransomware all locked up book
Ransomware all locked up bookRansomware all locked up book
Ransomware all locked up book
Diego Souza
 
cyber threats and attacks.pptx
cyber threats and attacks.pptxcyber threats and attacks.pptx
cyber threats and attacks.pptx
sakshiyad2611
 
Cybercrime: A Seminar Report
Cybercrime: A Seminar ReportCybercrime: A Seminar Report
Cybercrime: A Seminar Report
Arindam Sarkar
 
Phishing.pdf
Phishing.pdfPhishing.pdf
Phishing.pdf
MariGogokhia
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
Erik Ginalick
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threats
ReadWrite
 
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-EgbulemIT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
Lillian Ekwosi-Egbulem
 
Arrott Htcia St Johns 101020
Arrott Htcia St Johns 101020Arrott Htcia St Johns 101020
Arrott Htcia St Johns 101020
Anthony Arrott
 
IRJET- A Survey on Automatic Phishing Email Detection using Natural Langu...
IRJET- A Survey on Automatic Phishing Email Detection using Natural Langu...IRJET- A Survey on Automatic Phishing Email Detection using Natural Langu...
IRJET- A Survey on Automatic Phishing Email Detection using Natural Langu...
IRJET Journal
 
A Survey On Cyber Crime Information Security
A Survey On Cyber Crime Information SecurityA Survey On Cyber Crime Information Security
A Survey On Cyber Crime Information Security
Michele Thomas
 
100812 internet security2.0
100812 internet security2.0100812 internet security2.0
100812 internet security2.0
dkp205
 
Cybersecurity Awareness for employees.pptx
Cybersecurity Awareness for employees.pptxCybersecurity Awareness for employees.pptx
Cybersecurity Awareness for employees.pptx
AbdullaFatiya3
 
Asset slide-show-identifying-it-security-threats (1)
Asset slide-show-identifying-it-security-threats (1)Asset slide-show-identifying-it-security-threats (1)
Asset slide-show-identifying-it-security-threats (1)
David Robinson
 
Cyber security
Cyber securityCyber security
Cyber security
TonyYeung23
 

Similar to Spam Morphs from a Nuisance to a Threat (20)

Cybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteCybercrime - An essential guide from Thawte
Cybercrime - An essential guide from Thawte
 
Compilation of phishing and keylogger attacks
Compilation of phishing and keylogger attacksCompilation of phishing and keylogger attacks
Compilation of phishing and keylogger attacks
 
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
 
How and Why to Make Email Everyone's Business
How and Why to Make Email Everyone's BusinessHow and Why to Make Email Everyone's Business
How and Why to Make Email Everyone's Business
 
negative implications of IT
negative implications of ITnegative implications of IT
negative implications of IT
 
Copy of policing the internet_040555.pptx
Copy of policing the internet_040555.pptxCopy of policing the internet_040555.pptx
Copy of policing the internet_040555.pptx
 
Ransomware all locked up book
Ransomware all locked up bookRansomware all locked up book
Ransomware all locked up book
 
cyber threats and attacks.pptx
cyber threats and attacks.pptxcyber threats and attacks.pptx
cyber threats and attacks.pptx
 
Cybercrime: A Seminar Report
Cybercrime: A Seminar ReportCybercrime: A Seminar Report
Cybercrime: A Seminar Report
 
Phishing.pdf
Phishing.pdfPhishing.pdf
Phishing.pdf
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threats
 
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-EgbulemIT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
 
Arrott Htcia St Johns 101020
Arrott Htcia St Johns 101020Arrott Htcia St Johns 101020
Arrott Htcia St Johns 101020
 
IRJET- A Survey on Automatic Phishing Email Detection using Natural Langu...
IRJET- A Survey on Automatic Phishing Email Detection using Natural Langu...IRJET- A Survey on Automatic Phishing Email Detection using Natural Langu...
IRJET- A Survey on Automatic Phishing Email Detection using Natural Langu...
 
A Survey On Cyber Crime Information Security
A Survey On Cyber Crime Information SecurityA Survey On Cyber Crime Information Security
A Survey On Cyber Crime Information Security
 
100812 internet security2.0
100812 internet security2.0100812 internet security2.0
100812 internet security2.0
 
Cybersecurity Awareness for employees.pptx
Cybersecurity Awareness for employees.pptxCybersecurity Awareness for employees.pptx
Cybersecurity Awareness for employees.pptx
 
Asset slide-show-identifying-it-security-threats (1)
Asset slide-show-identifying-it-security-threats (1)Asset slide-show-identifying-it-security-threats (1)
Asset slide-show-identifying-it-security-threats (1)
 
Cyber security
Cyber securityCyber security
Cyber security
 

More from Osterman Research, Inc.

Best Practices for Managing Archive Migrations
Best Practices for Managing Archive MigrationsBest Practices for Managing Archive Migrations
Best Practices for Managing Archive Migrations
Osterman Research, Inc.
 
Using Email, File, Social Media and Mobile Archiving to Grow Your Business
Using Email, File, Social Media and Mobile Archiving to Grow Your BusinessUsing Email, File, Social Media and Mobile Archiving to Grow Your Business
Using Email, File, Social Media and Mobile Archiving to Grow Your Business
Osterman Research, Inc.
 
Best Practices for File Sharing
Best Practices for File SharingBest Practices for File Sharing
Best Practices for File Sharing
Osterman Research, Inc.
 
The Need for Third-Party Security, Compliance and Other Capabilities in Micro...
The Need for Third-Party Security, Compliance and Other Capabilities in Micro...The Need for Third-Party Security, Compliance and Other Capabilities in Micro...
The Need for Third-Party Security, Compliance and Other Capabilities in Micro...
Osterman Research, Inc.
 
Managing BYOD in Corporate Environments
Managing BYOD in Corporate EnvironmentsManaging BYOD in Corporate Environments
Managing BYOD in Corporate Environments
Osterman Research, Inc.
 
Survey Report: Managing BYOD in Corporate Environments
Survey Report: Managing BYOD in Corporate EnvironmentsSurvey Report: Managing BYOD in Corporate Environments
Survey Report: Managing BYOD in Corporate Environments
Osterman Research, Inc.
 
Survey Report: Results of a Survey on Microsoft Office 365
Survey Report: Results of a Survey on Microsoft Office 365Survey Report: Results of a Survey on Microsoft Office 365
Survey Report: Results of a Survey on Microsoft Office 365
Osterman Research, Inc.
 
How the Cloud Can Make Government Archiving More Secure and Less Expensive
How the Cloud Can Make Government Archiving More Secure and Less ExpensiveHow the Cloud Can Make Government Archiving More Secure and Less Expensive
How the Cloud Can Make Government Archiving More Secure and Less Expensive
Osterman Research, Inc.
 
Secure, Reliable and Compliant: How the Cloud Can Make Archiving Profitable f...
Secure, Reliable and Compliant: How the Cloud Can Make Archiving Profitable f...Secure, Reliable and Compliant: How the Cloud Can Make Archiving Profitable f...
Secure, Reliable and Compliant: How the Cloud Can Make Archiving Profitable f...
Osterman Research, Inc.
 
A Better Method of Authentication
A Better Method of AuthenticationA Better Method of Authentication
A Better Method of Authentication
Osterman Research, Inc.
 
Putting IT Back in Control of BYOD
Putting IT Back in Control of BYODPutting IT Back in Control of BYOD
Putting IT Back in Control of BYOD
Osterman Research, Inc.
 
Mobile Devices in the Enterprise: MDM Usage and Adoption Trends
Mobile Devices in the Enterprise: MDM Usage and Adoption TrendsMobile Devices in the Enterprise: MDM Usage and Adoption Trends
Mobile Devices in the Enterprise: MDM Usage and Adoption Trends
Osterman Research, Inc.
 
Key Issues in eDiscovery
Key Issues in eDiscoveryKey Issues in eDiscovery
Key Issues in eDiscovery
Osterman Research, Inc.
 
Why Third-Party Archiving is Still Necessary in Exchange 2010
Why Third-Party Archiving is Still Necessary in Exchange 2010Why Third-Party Archiving is Still Necessary in Exchange 2010
Why Third-Party Archiving is Still Necessary in Exchange 2010
Osterman Research, Inc.
 
Why All Organizations Need to Manage and Archive Social Media
Why All Organizations Need to Manage and Archive Social MediaWhy All Organizations Need to Manage and Archive Social Media
Why All Organizations Need to Manage and Archive Social Media
Osterman Research, Inc.
 
What is the Total Value of Ownership for a Hosted PBX?
What is the Total Value of Ownership for a Hosted PBX?What is the Total Value of Ownership for a Hosted PBX?
What is the Total Value of Ownership for a Hosted PBX?
Osterman Research, Inc.
 
Taking a Strategic Approach to Unified Communications: Best of Breed vs. Sing...
Taking a Strategic Approach to Unified Communications: Best of Breed vs. Sing...Taking a Strategic Approach to Unified Communications: Best of Breed vs. Sing...
Taking a Strategic Approach to Unified Communications: Best of Breed vs. Sing...
Osterman Research, Inc.
 
Cloud vs. Cloud: Comparing the TCO of Office 365 and Private Clouds
Cloud vs. Cloud: Comparing the TCO of Office 365 and Private CloudsCloud vs. Cloud: Comparing the TCO of Office 365 and Private Clouds
Cloud vs. Cloud: Comparing the TCO of Office 365 and Private Clouds
Osterman Research, Inc.
 
Why You Need to Consider Cloud-Based Security in 2012
Why You Need to Consider Cloud-Based Security in 2012Why You Need to Consider Cloud-Based Security in 2012
Why You Need to Consider Cloud-Based Security in 2012
Osterman Research, Inc.
 
Important Issues for Federal Agencies to Consider When Using Social Media and...
Important Issues for Federal Agencies to Consider When Using Social Media and...Important Issues for Federal Agencies to Consider When Using Social Media and...
Important Issues for Federal Agencies to Consider When Using Social Media and...
Osterman Research, Inc.
 

More from Osterman Research, Inc. (20)

Best Practices for Managing Archive Migrations
Best Practices for Managing Archive MigrationsBest Practices for Managing Archive Migrations
Best Practices for Managing Archive Migrations
 
Using Email, File, Social Media and Mobile Archiving to Grow Your Business
Using Email, File, Social Media and Mobile Archiving to Grow Your BusinessUsing Email, File, Social Media and Mobile Archiving to Grow Your Business
Using Email, File, Social Media and Mobile Archiving to Grow Your Business
 
Best Practices for File Sharing
Best Practices for File SharingBest Practices for File Sharing
Best Practices for File Sharing
 
The Need for Third-Party Security, Compliance and Other Capabilities in Micro...
The Need for Third-Party Security, Compliance and Other Capabilities in Micro...The Need for Third-Party Security, Compliance and Other Capabilities in Micro...
The Need for Third-Party Security, Compliance and Other Capabilities in Micro...
 
Managing BYOD in Corporate Environments
Managing BYOD in Corporate EnvironmentsManaging BYOD in Corporate Environments
Managing BYOD in Corporate Environments
 
Survey Report: Managing BYOD in Corporate Environments
Survey Report: Managing BYOD in Corporate EnvironmentsSurvey Report: Managing BYOD in Corporate Environments
Survey Report: Managing BYOD in Corporate Environments
 
Survey Report: Results of a Survey on Microsoft Office 365
Survey Report: Results of a Survey on Microsoft Office 365Survey Report: Results of a Survey on Microsoft Office 365
Survey Report: Results of a Survey on Microsoft Office 365
 
How the Cloud Can Make Government Archiving More Secure and Less Expensive
How the Cloud Can Make Government Archiving More Secure and Less ExpensiveHow the Cloud Can Make Government Archiving More Secure and Less Expensive
How the Cloud Can Make Government Archiving More Secure and Less Expensive
 
Secure, Reliable and Compliant: How the Cloud Can Make Archiving Profitable f...
Secure, Reliable and Compliant: How the Cloud Can Make Archiving Profitable f...Secure, Reliable and Compliant: How the Cloud Can Make Archiving Profitable f...
Secure, Reliable and Compliant: How the Cloud Can Make Archiving Profitable f...
 
A Better Method of Authentication
A Better Method of AuthenticationA Better Method of Authentication
A Better Method of Authentication
 
Putting IT Back in Control of BYOD
Putting IT Back in Control of BYODPutting IT Back in Control of BYOD
Putting IT Back in Control of BYOD
 
Mobile Devices in the Enterprise: MDM Usage and Adoption Trends
Mobile Devices in the Enterprise: MDM Usage and Adoption TrendsMobile Devices in the Enterprise: MDM Usage and Adoption Trends
Mobile Devices in the Enterprise: MDM Usage and Adoption Trends
 
Key Issues in eDiscovery
Key Issues in eDiscoveryKey Issues in eDiscovery
Key Issues in eDiscovery
 
Why Third-Party Archiving is Still Necessary in Exchange 2010
Why Third-Party Archiving is Still Necessary in Exchange 2010Why Third-Party Archiving is Still Necessary in Exchange 2010
Why Third-Party Archiving is Still Necessary in Exchange 2010
 
Why All Organizations Need to Manage and Archive Social Media
Why All Organizations Need to Manage and Archive Social MediaWhy All Organizations Need to Manage and Archive Social Media
Why All Organizations Need to Manage and Archive Social Media
 
What is the Total Value of Ownership for a Hosted PBX?
What is the Total Value of Ownership for a Hosted PBX?What is the Total Value of Ownership for a Hosted PBX?
What is the Total Value of Ownership for a Hosted PBX?
 
Taking a Strategic Approach to Unified Communications: Best of Breed vs. Sing...
Taking a Strategic Approach to Unified Communications: Best of Breed vs. Sing...Taking a Strategic Approach to Unified Communications: Best of Breed vs. Sing...
Taking a Strategic Approach to Unified Communications: Best of Breed vs. Sing...
 
Cloud vs. Cloud: Comparing the TCO of Office 365 and Private Clouds
Cloud vs. Cloud: Comparing the TCO of Office 365 and Private CloudsCloud vs. Cloud: Comparing the TCO of Office 365 and Private Clouds
Cloud vs. Cloud: Comparing the TCO of Office 365 and Private Clouds
 
Why You Need to Consider Cloud-Based Security in 2012
Why You Need to Consider Cloud-Based Security in 2012Why You Need to Consider Cloud-Based Security in 2012
Why You Need to Consider Cloud-Based Security in 2012
 
Important Issues for Federal Agencies to Consider When Using Social Media and...
Important Issues for Federal Agencies to Consider When Using Social Media and...Important Issues for Federal Agencies to Consider When Using Social Media and...
Important Issues for Federal Agencies to Consider When Using Social Media and...
 

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 

Spam Morphs from a Nuisance to a Threat

  • 1. WHITE PAPER Spam Morphs From a Nuisance to a Threat ON An Osterman Research White Paper Published December 2011 SPONSORED BY sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 • Black Diamond, Washington • 98010-1058 • USA Tel: +1 253 630 5839 • Fax: +1 253 458 0934 • info@ostermanresearch.com www.ostermanresearch.com • twitter.com/mosterman
  • 2. Spam Morphs from a Nuisance to a Threat Executive Summary Spam volumes are substantially lower today than they were last year: as of late 2011, spam accounts for roughly 75% of the email that traverses the Internet compared to about 90% in 2010. The result is billions fewer spam messages being received by end users every month, leading some to believe that the spam problem is now less serious than it has been for many years. However, while spam volumes are lower than they have been in many years, the threat that companies face from spam is actually much greater than it was when spam volumes were “I don’t fear the much higher. This is because a) the primary spam threat is no man who wants longer about selling products but stealing information, b) twenty nuclear spammers are getting smarter and more effective by improving the ability of their phishing and spearphishing attacks to weapons, I fear penetrate corporate security systems, and c) the payloads and the man who links that spam delivers are more damaging. wants one”. In short, the spam problem can be summarized by the quote in George Clooney the callout: the problem is not one of the sheer volume of the The Peacemaker threats, but of their effectiveness and intent. KEY TAKEAWAYS There are four key points made in this white paper: • During the past 12 months, 37% of mid-sized and large organizations in North America have had malware successfully infiltrate their corporate network through email. Many of these attacks have been quite serious, resulting in the loss of millions of dollars, as well as loss of sensitive financial data and intellectual property. • The disappearance of the network perimeter that has been enabled by the consumerization of IT has created more endpoints for incursion of spam and malware. This, coupled with increasingly sophisticated and target phishing attempts, means that the problem of malicious spam infiltration will become worse. • As a corollary to the point above, the increasing sophistication of phishers’ targeting of senders is heralding a new era in these criminals’ ability to focus their attacks, with a corresponding decrease in these individuals’ ability to identify phishing attempts. • Decision makers should view spam as a very serious threat and not minimize the severity of the threat it poses because spam volumes are decreasing. ABOUT THIS WHITE PAPER This white paper is focused on helping decision makers to understand that the problem with spam is more serious today than it was when spam volumes were higher. It also offers a brief overview on the sponsor of this white paper, Abaca, and its anti-spam capabilities. ©2011 Osterman Research, Inc. 1
  • 3. Spam Morphs from a Nuisance to a Threat Some Background on Spam THE PROBLEM OF MALICIOUS EMAIL Spam is a problem – it wastes bandwidth, storage, and employee time, not to mention the cost of deploying systems to deal with processing and deleting spam from corporate networks. However, the dramatically more sinister side of the spam problem is malicious email – messages that are sent with the specific intent of stealing content like banking credentials, usernames and passwords for corporate applications, Social Security numbers, credit card numbers and other sensitive information. The goal of those who send malicious email is simple: a) steal money, b) steal data or c) cause serious disruption to networks or critical systems. MALICIOUS EMAIL IS DANGEROUS AND EXPENSIVE The security risks from spam are quite real and they are no longer just a nuisance as in years past. The growing variety of keystroke loggers, password-stealing Trojans and other threats means that corporate data is increasingly at risk. Data theft can include sensitive content like usernames and passwords, but also financial data, customer data, trade secrets and other types of confidential information. The increasing end goals of stealing information (personal and corporate), hijacking systems for a wide range of purposes and launching additional malicious attacks all have serious business implications, in addition to the more traditional impacts to bandwidth, infrastructure and other costs. For example, there have been a number of serious spam-based incursions during the past year: • In September 2011, Mitsubishi Heavy Industries was the victim of a spearphishing attack that ended up compromising 83 different systems in 10 locations across the companyi. • In June 2011, the International Monetary Fund (IMF) was the victim of a spearphishing attack that may have been perpetrated by a rogue state. Although employees were warned not to open attachments they were not expecting, open email from unknown senders or click on video links, malware in an email successfully penetrated IMF defenses and information was stolen from compromised computersii. • In April 2011, hackers sent phishing emails to a number of lower level employees at RSA. These emails contained the subject line “2011 Recruitment Plan” and included an Excel spreadsheet as an attachment that contained a zero-day flaw in Adobe Flash. Although the emails were successfully diverted to these users’ spam quarantines, the emails were opened and a Trojan was installed that successfully harvested credentials from a large number of employee accounts, compromising RSA’s SecurID tagsiii. As of late 2011, 760 organizations have been attacked using the same command and control, including IBM, Google, Microsoft and about one-fifth of the Fortune 500iv. • On April 7, 2011, a spearphishing attack directed at the Oak Ridge National Laboratory was able to steal a few megabytes of data before IT administrators cut off Internet access. The email sent to employees was purportedly from the lab’s HR department and was received by 530 employees, 57 of whom clicked on a malicious link contained in the emailv. • In November 2010, a 26-year-old Hungarian citizen, in a bizarre attempt to be hired by Marriott International, sent an infected email attachment to various Marriott employees that ©2011 Osterman Research, Inc. 2
  • 4. Spam Morphs from a Nuisance to a Threat allowed him to steal sensitive information from the company. Marriott estimates that the cost of analyzing the extent of the compromise of its network cost it between $400,000 and $1 millionvi. • In November 2010, employees at France’s Ministry of Economics, Finances, and Industry received spearphishing emails that contained a Trojan. A minimum of 150 computers were compromised and sensitive documents related to the G-20 were stolenvii. It is also important to note that information stolen as a result of phishing attacks can be used to generate new phishing attacks, exacerbating the problem. For example, data hijacked in the Epsilon breach earlier in 2011 is now being used to target customers of Chase Bank. SPAMMER TECHNIQUES Spammers use a variety of techniques to deliver their content: • Botnets Spammers use botnets that consist of millions of ‘zombie’ computers – computers in homes and the workplace that are infected with a virus, worm or Trojan that permits them to be controlled by a remote entity. Spammers can rent botnets for content-distribution campaigns. Using botnets, a small number of messages can be sent from each of thousands of computers, effectively hiding each zombie from detection by ISPs or network administrators using conventional tools. Botnets are a critical problem not only because they are responsible for the vast majority of spam sent across the Internet today, but also because they are used for a wide range of purposes beyond just spam delivery. These include hosting malware sites, perpetrating distributed denial-of-service attacks, click fraud and credit card fraud. Botnets can be hard to detect and hard to remove. • Spam filter-avoidance techniques The simpler of these techniques involves text obfuscation, such as misspelling keywords; Bayesian poisoning (the process of including specific keywords into spam messages in an attempt to trick Bayesian filters into thinking a message is legitimate); introducing valid text into spam messages; using various HTML techniques to fool filters into not recognizing offensive content; and other techniques. These techniques typically can bypass many traditional content-filters, and those using a Bayesian approach. • Spam with attachments Similar to image spam, but using PDF files, spreadsheets or ZIP files as payloads to carry the spam content, often malware. One technique is to send calendar invitations as malicious email attachments. • Image-based spam Image-based spam is represented as one or more images that typically use non-standard fonts, background ‘snow’, randomized backgrounds, slanted lines of text, blurriness and other distortions to defeat more conventional spam-filtering technologies, as shown in the example at right. Image spam is a particularly serious problem for mail servers and recipients, since each message is typically much larger than a conventional, text-based spam message. Image spam, while still used by spammers, is less of a problem today than it was in 2007. ©2011 Osterman Research, Inc. 3
  • 5. Spam Morphs from a Nuisance to a Threat • Alternative spam languages Spammers will often target their content to users who speak specific languages. There is a growing trend for more localized distribution with diversified languages. For example, in early 2010 96% of spam was in English – as of early 2011 it was 90%viii. “DECENT” SPAM CAPTURE RATES ARE NOT ENOUGH A spam filtering solution that catches the “vast majority” of spam simply isn’t acceptable in an era of spamming that is specifically targeted to employees using social engineering and other techniques. For example, a 98% capture rate – while seemingly acceptable – will increase the chance of infection by 200 times compared to a solution that captures 99.99% of spam. Spams Received Daily per 1,000 Employees Assuming 100 Emails Received per Employee per Day Likelihood of Potentially Infection Malicious Spam Compared to Capture Rate Emails Received 99.99% 95.0% 5,000 500x 98.0% 2,000 200x 99.0% 1,000 100x 99.5% 500 50x 99.9% 100 10x 99.99% 10 - Spam Isn’t an Issue Anymore…Right? A BIT OF GOOD NEWS: SPAM VOLUMES ARE DECLINING Spam volumes dropped significantly in late 2010, followed by a rapid increase in the volume of spam partway through March 2011. However, since the seemingly permanent takedown of the Rustock botnet in March 2011, spam volumes are now at significantly lower average levels than they have been for many years. The elimination of the Rustock botnet was significant, since it was the largest of the many botnets in operation with anywhere from 1.1 million to 1.7 million compromised computers in operationix. As evidence of the decreasing proportion of spam traversing the Internet relative to valid email are Symantec.cloud statistics that show spam decreasing from 92% in August 2010 to 79% in January 2011 to 74% in October 2011x. LOTS OF BAD NEWS: SPAM IS MORE SERIOUS THAN EVER In a recent Osterman Research surveyxi of mid-sized and large organizations in North America, three out of four respondents have experienced some form of security compromise during the past 12 months, with malware ingress through email a predominant avenue for these incursions. Moreover, 34% of the IT decision makers surveyed are concerned or seriously concerned about the amount of spam their organization receives, while 26% are this concerned about the number of false positives they get in their current anti-spam filtering systems. ©2011 Osterman Research, Inc. 4
  • 6. Spam Morphs from a Nuisance to a Threat Security Incidents That Have Occurred During the Previous 12 Months NETWORKS ARE ALREADY COMPROMISED In an Osterman Research survey conducted during January 2011, decision makers and influencers demonstrated that they were relatively pessimistic about the future of spam and malware problems as they entered 2011, as shown in the following figure. ©2011 Osterman Research, Inc. 5
  • 7. Spam Morphs from a Nuisance to a Threat Predictions About Global Spam and Malware Problems in 2011 Decision makers were right to be pessimistic. Despite the decreases in spam volumes, there has been relatively little good news in the context of threats directed against messaging and Web users. Further, while many decision makers are taking messaging and Web security threats quite seriously, a soft economy coupled with threats that are rapidly increasing in sophistication and severity, means that many organizations are not keeping pace with the threats they face. A Zero Tolerance Approach to Malicious Mail SPAM VOLUMES ARE NOT THE FUNDAMENTAL ISSUE Somewhat predictably, many members of the press, analyst and IT community have assumed that the significant decrease in the amount of spam over the past several months indicates that the spam problem is much less serious than it was when volumes were much higher. However, because the decrease in spam volumes has been accompanied by more serious threats delivered through spam, the spam problem is actually more critical now that volumes are lower. YOU ARE A TARGET FOR THE BAD GUYS Moreover, there are a variety of less catastrophic problems caused by spam, but these issues are serious nonetheless: ©2011 Osterman Research, Inc. 6
  • 8. Spam Morphs from a Nuisance to a Threat • Data breaches A breach of customer or consumer data caused by a successful phishing attempt can lead to a number of serious consequences. Because there are data breach notification laws in 46 of the 50 US states, one Canadian province, and in many nations around the world, organizations that lose this data are liable not only for the direct costs of notifying victims, but they may also be liable in legal actions, they may have to pay for credit reporting services, and they will almost certainly suffer a loss of reputation and brand damage. • Advanced persistent threats An advanced persistent threat (APT) is serious in that it represents a protracted attack against a company, government or some other entity by one or more hackers. The seriousness of APTs is underscored by the fact that these threats are generally directed by humans that are intent on penetrating corporate or other defenses, not simply automated threats that are looking for targets of opportunity. Consequently, those directing APTs will change tactics as they encounter resistance to attacks among their targets, such as the deployment of new defense mechanisms. One example of an APT is a distributed denial-of-service (DDoS) attack aimed at mining interests in China, the United States, Singapore and Hong Kongxii. This attack, which began in September 2009, uses a specialized piece of malware identified as JKDDOSxiii for which more than 50 variants have been identified. This malware can be distributed in a variety of ways and, with sizes as small as 17Kb, can easily be distributed via email. • Increased storage requirements As more malicious content comes into a network, more of this content must be stored for review in quarantines and archives. Given that this content is normally preserved for at least 30 days in order to give employees time to review it for false positives, increases in malicious content entering a network inevitably lead to increased storage requirements. Further, storage spikes add significant volatility to storage needs, making it difficult to plan storage capacity accurately. What Should You Do Next? Osterman Research recommends that organizations of any size undertake a four-step program to address their issues with spam: 1. First and foremost, understand that you still have a spam problem Even though absolute spam volumes are decreasing, the threats from spam entering your network are becoming more severe and stealthier over time. One way to think about this is from the perspective of physical security: if you formerly had 100 people using brute force in an attempt to break into your home and today you have only 50 people doing so, but with more sophisticated tools, your problem is actually getting worse, not better. 2. Understand the nature of the threats While spam used to be a nuisance – albeit an expensive one – today it is a major threat vector that can result in the loss of hundreds of thousands or millions of dollars in funds. The problem is becoming more serious not only because of the consequences of a ©2011 Osterman Research, Inc. 7
  • 9. Spam Morphs from a Nuisance to a Threat successful incursion into your network, but because there are more endpoints through which criminals can gain access to your data, funds and intellectual property. 3. Train your users, but protect them from themselves Users are clearly the first line of defense in any security scheme. They must be trained about the appropriate way to handle emails from unknown sources, why they should not click on links contained in email, what to do with attachments in email, and so forth. Training programs should be thorough and updated with sufficient frequency to address new threats as they arise. It is important to note that while users are a useful step in preventing the infiltration of malicious content by carefully evaluating the content they receive, even the most careful and experienced user can still be fooled by social engineering and other spammer techniques. 4. Finally, deploy very robust anti-spam technology No amount of training or user awareness will protect an organization from the onslaught of threats they face from spam. As a result, every organization should deploy capabilities that will capture the highest possible proportion of spam entering their network with as low a false positive ratio as possible. For example, as shown in the previous table, increasing the spam capture rate from 95% to 99% will reduce the potential for malicious email infiltration by 80%. It is important to evaluate spam-filtering vendors based on their ability to capture very high rates of malicious content. However, it is also important to focus on high-performance spam filtering capabilities that will enable the processing of large amounts of spam, such as during spikes in spam activity, as well as energy efficiency to minimize power requirements for the overall security infrastructure. Moreover, consider layered email filtering using a combination of cloud- based and on-premise solutions that will make deployment easier and minimize the risks from malicious email. Summary Somewhat ironically, spam volumes are decreasing while the threat from spam is increasing. Where spam used to be a nuisance, today it represents an enormous threat vector because it carries malware and links to malware-laden sites. Just one user clicking on one link in one spam message can set in motion a massive data breach, the loss of funds or the loss of intellectual property. Consequently, organizations should pursue best practices with regard to training users about how to manage email, but they should also deploy highly effective anti- spam technologies that will block as much spam as possible from reaching end users. ©2011 Osterman Research, Inc. 8
  • 10. Spam Morphs from a Nuisance to a Threat About Abaca Abaca, founded in 2005 by Steve Kirsch, a respected Silicon Valley entrepreneur and philanthropist, is a privately held company headquartered in San Jose, California. Abaca is an innovator in email protection and messaging security. The company’s next generation technology, ReceiverNet®, offers a revolutionary approach in the fight against spam – providing an unprecedented level of performance and guaranteeing a minimum of 99% accuracy. Abaca has created a portfolio of advanced products and services based upon this core technology, thereby assuring users unparalleled messaging protection from spam, virus and phishing attacks. HOW IT WORKS Unlike conventional email filters that narrowly focus on detecting spam-like content or known senders of spam, Abaca takes a multi-dimensional approach. It works in real-time to analyze a number of factors to create an extremely accurate probability model of whether or not a message is spam. Because it does not rely on content inspection, the Abaca solution is completely language independent and immune to many of the most sophisticated tricks that spammers use to mask commercial or malicious content. Key to the revolutionary Abaca Solution is a multi-layered approach that combines several techniques to deliver unparalleled effectiveness: • Deep Envelope Inspection There is more to an email header than meets the eye. A deep analysis of the header reveals critical information such as how it got to the receiver—e.g., did it come directly from your bank or was it in the hands of someone bad in the middle. Experience gained from processing billions of messages a month has enabled Abaca to develop automated forensics that look for telltale signs of forged headers and obfuscated sender addresses—all in real time. This automated intelligence validates the envelope and detects who sent it and who handled it in between. • Receiver Reputation Although the ingenuity of spammers is unlimited, Abaca has developed a revolutionary technology that relies on the fact that they will always need someone to receive their mail. The patented Abaca ReceiverNet™ Protection Network rates individual receivers based on a number of factors, including how much spam they attract. By applying this reputation rating to approximately 50 other variables—including information gleaned from deep envelop inspection—Abaca achieves a 99.997 percent catch rate as verified in independent tests. • Instant Intelligence Because the ReceiverNet network is based in the cloud, information on a large number of receivers can be leveraged to more accurately establish the reputation of the individual receivers. It all works automatically without the need for administrators to manually update lists of bad senders, the latest malware, or other email-borne threats. The cloud-based system also uses this large pool of data to learn, so that unlike conventional solutions that degrade over time, it becomes more accurate with each email. It also remembers feedback from individual users to learn what email they want to receive. ©2011 Osterman Research, Inc. 9
  • 11. Spam Morphs from a Nuisance to a Threat • Deterministic Algorithm When an email arrives at the Abaca filter—whether in the cloud, a private cloud, or installed in front of a corporate email server or at an ISP—a small portion of the critical header message is stripped and sent to the ReceiverNet network. The advanced ReceiverNet algorithm instantly computes the odds that the message is spam by a using mathematical analysis that combines receiver reputation with other variables. Depending on whether the customer has deployed Abaca Cloud as a filter or prefilter, the message is then either blocked or marked as probably spam for the local filter to make a determination. ABACA’S CUSTOMERS Abaca’s customer base represents leading businesses and Abaca’s organizations from all industries, including: banking/finance, technology is education, energy, healthcare / pharmaceuticals, manufacturing, technology, and telecommunications. Abaca’s used to protect customer base also includes a growing list of regional and Yahoo! custom- international Internet service providers. ers’ 250 million mailboxes and Abaca’s technology is used to protect Yahoo! customers’ 250 million mailboxes and blocks more than 80,000 emails per blocks more than second. 80,000 emails per second. Abaca is 100% focused on customer success with customer success the cornerstone of the business. The company assesses its own corporate success by that of its customers. For more information on Abaca customers, read the company’s customer testimonials and selected success stories at www.abaca.com. ©2011 Osterman Research, Inc. 10
  • 12. Spam Morphs from a Nuisance to a Threat © 2011 Osterman Research, Inc. All rights reserved. No part of this document may be reproduced in any form by any means, nor may it be distributed without the permission of Osterman Research, Inc., nor may it be resold or distributed by any entity other than Osterman Research, Inc., without prior written authorization of Osterman Research, Inc. Osterman Research, Inc. does not provide legal advice. Nothing in this document constitutes legal advice, nor shall this document or any software product or other offering referenced herein serve as a substitute for the reader’s compliance with any laws (including but not limited to any act, statue, regulation, rule, directive, administrative order, executive order, etc. (collectively, “Laws”)) referenced in this document. If necessary, the reader should consult with competent legal counsel regarding any Laws referenced herein. Osterman Research, Inc. makes no representation or warranty regarding the completeness or accuracy of the information contained in this document. THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED REPRESENTATIONS, CONDITIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE DETERMINED TO BE ILLEGAL. i http://www.eweek.com/c/a/Security/Mitsubishi-Heavy-Network-Most-Likey-Compromised-by-SpearPhishing-Attack-335314/ ii http://www.eweek.com/c/a/Security/IMF-Breach-May-Be-StateSponsored-Spear-Phishing-Attack-526401/ iii http://www.pcmag.com/article2/0,2817,2382970,00.asp#fbid=uW9bd7GksLR iv http://money.cnn.com/2011/10/27/technology/rsa_hack_widespread/index.htm v http://www.wired.com/threatlevel/2011/04/oak-ridge-lab-hack/ vi http://www.courthousenews.com/2011/11/29/41751.htm vii http://arstechnica.com/security/news/2011/03/hackers-spear-phish-infiltrate-french-ministry-of-finances.ars viii http://royal.pingdom.com/2011/01/19/email-spam-statistics/ ix Ibid x http://www.symanteccloud.com/globalthreats/charts/spam_monthly xi Messaging and Web Security Market Trends, 2011-2014, Osterman Research, Inc. xii http://news.hostexploit.com/cyber-security-news/4827-understanding-advanced-persistent-threats.html xiii http://ddos.arbornetworks.com/2011/03/jkddos-ddos-bot-with-an-interest-in-the-mining-industry/ ©2011 Osterman Research, Inc. 11