Cyber espionage moves out of the shadows

During the first half of 2013, AppRiver screened more than 15 billion messages, nearly 13 billion of which were spam and another 171 million that carried viruses. Once again, the United States was the leading country of origin for spam email messages, but to the surprise of many, servers in the former Soviet republic of Belarus logged the second-highest total from January through June.

Over the past six months, exploits accounted for the overwhelming majority of the malware blocked by AppRiver’s filters. Exploits are pieces of code that open the door to a user’s device so that a remote system can later take control of it. The device might then be incorporated into a botnet, or it might download a key-logger that steals account numbers and passwords.


Some of the bigger stories surrounding email and web threats over the past six months include malware campaigns leveraging the Boston Marathon bombings, the continuing rise of mobile malware, and DSD: a distraction technique used by cybercriminals as they’re emptying your bank accounts.

“If you notice a deluge of spam in your email inbox, it’s best not to try to monitor your email, but instead go directly to your account(s) activity because the people behind this spam blast have somehow obtained your personal account information and email address,” says AppRiver Security Analyst Fred Touchette. “In order to hide purchase receipt emails or balance transfer confirmation emails, the attackers, just before they make the illegal transactions, turn on this deluge of spam email in order for these very important emails to get lost in the flood. These fraudulent transactions need to be caught fast so that they can be stopped at the financial institution before they’re finalized.”


When it comes to vulnerabilities in end user client systems, the Java platform and Adobe Flash have been most targeted by the bad guys. As for server side vulnerabilities, some of the biggest exploits so far in 2013 have included cross-site scripting, cross-site request forgery, broken authentication systems, Ruby vulnerabilities, universal plug and play problems, and an Adobe issue with ColdFusion. The toolkits responsible for many of these exploits include Blackhole, followed closely by Fiesta, and this year’s big up and comer – RedKit.


In addition to the familiar data regarding email spam and viruses, this report includes some baseline data about web-based malware that AppRiver will track over the months ahead. As web-based malware and “drive-by downloads” become more widespread, this data will expose trends and patterns that can help improve security for users.

The cyber world

This section of the report discusses major cybercrime arrests like that of Hamza Bendelladj for leading a major Zeus botnet, along with hacktivism activities, and the evolution of cyber espionage from simple murmurings to mainstream conversation with attention-grabbing incidents such as Stuxnet, targeting a very specific system for enriching Uranium in a very specific location, not to mention the talk of cyber exchanges between the U.S. and China.

Don't miss