AppRiver released a detailed analysis of web and email-borne threats and malware trends traced between January and March 2014.
During the first quarter of 2014, AppRiver screened more than 14 billion messages, nearly 10.9 billion of which were spam and another 490 million that contained malware. Once again, the United States was the leading country of origin for spam email messages, and Europe logged the second-highest total with Spain, Germany and Italy making up the top three countries. January was a record-breaking month for malware traffic since 2008, with one in every 10 pieces of email being malicious.
Immediately at the start of the year, new CryptoLocker-esque variants begin popping up on underground forums and in the wild as well. These new copycats included CryptoClone and CryptoLocker 2.0 that added functionality to officially make it a self-replicating worm for greater possible damage.
Some of the bigger stories surrounding email and web threats over the first three months of 2014 include CryptoLocker copycats, HMRC, IRS and National Institute for Health and Excellence used as covers for several attacks and scams, and the languid botnet Asprox, one of the most active botnets around this year.
“Keep yourself informed and watch out for some of the common flaws that these malware campaigns employ, such as addressing people by their email as opposed to their actual names,” said AppRiver Security Analyst Fred Touchette. “Oftentimes generalities are used in the greeting with no names at all. That’s a big red flag, especially when the content appears so personal. If there are any questions as to the legitimacy of any email, contact the supposed sender directly to authenticate.”
In addition to the familiar data regarding email spam and viruses, this report includes some baseline data about web-based malware that AppRiver will track over the months ahead. As web-based malware and “drive-by downloads” become more widespread, this data will expose trends and patterns that can help improve security for users.
The Cyber World section of the report discusses two independent studies conducted to see how world cyber events are affecting end users and IT professionals as well as how easy it is to gather sensitive data from public places by shoulder surfing. Other major cyber world events highlighted include the Heartbleed vulnerability and Windows XP end of life.