The spam rate of overall email dropped slightly over the past couple of months to 55% in September, but remains above the year average, a new Symantec report reveals.
Spam rate last month remained above the 54.3% average registered last year, but went as high as 59.4% and 56.4% for the Mining and Manufacturing sectors, respectively, Symantec points out in the Latest intelligence report for September 2017.
Driving spam rate up were massive malicious campaigns dropping variants of the Locky ransomware. During mid-September, six massive Locky distribution runs were observed.
At 55% in September, the spam rate was also higher than the 54% rate that Symantec previously reported for the first half of the year.
Email remains a favorite distribution method for cybercriminals, with users being twice as likely to encounter malware via email, compared to other infection vectors, Symantec says. In their Email Threats 2017 report (PDF), the company also revealed that one in nine users had at least one malicious email sent to them during the first six months of 2017.
Phishing rate came in at one in 2,644 emails for September, slightly down for the second month in a row, but still well above the rates seen earlier in the year, the security company says. In July, phishing rate reached a 12-month peak at one in 1,968 emails.
According to Symantec, spambots remain the primary culprits in the distribution of spam emails, with Necurs (the largest amount of malicious email activity in 2017), Gamut (focuses almost exclusively on advertising spam), Tofsee, BlankSlate, and Waledac being some of the most popular of them.
For malicious payload distribution via email, attackers either use URLs or attachments, with the latter method being the most popular, accounting for 74% of the malicious emails in the first half of 2017.
Email malware increased in September as well, with one in every 312 emails carrying malicious code, the security company says. Thus, September was the sixth month to register growth in email malware. At one in 120 emails, the Agriculture, Forestry, & Fishing sector was impacted the most, followed by the Mining industry at one in 196 emails.
Another noteworthy event in September was the discovery of new links between attacks against the energy sector and the Dragonfly group. Dubbed Dragonfly 2.0, the campaign that Symantec has been monitoring since late 2015 has known victims in the United States, Switzerland and Turkey.