Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Email Security

Spam Rate Hit 55% in September: Symantec

The spam rate of overall email dropped slightly over the past couple of months to 55% in September, but remains above the year average, a new Symantec report reveals.

The spam rate of overall email dropped slightly over the past couple of months to 55% in September, but remains above the year average, a new Symantec report reveals.

Spam rate last month remained above the 54.3% average registered last year, but went as high as 59.4% and 56.4% for the Mining and Manufacturing sectors, respectively, Symantec points out in the Latest intelligence report for September 2017.

Driving spam rate up were massive malicious campaigns dropping variants of the Locky ransomware. During mid-September, six massive Locky distribution runs were observed.

At 55% in September, the spam rate was also higher than the 54% rate that Symantec previously reported for the first half of the year.

Email remains a favorite distribution method for cybercriminals, with users being twice as likely to encounter malware via email, compared to other infection vectors, Symantec says. In their Email Threats 2017 report (PDF), the company also revealed that one in nine users had at least one malicious email sent to them during the first six months of 2017.

Phishing rate came in at one in 2,644 emails for September, slightly down for the second month in a row, but still well above the rates seen earlier in the year, the security company says. In July, phishing rate reached a 12-month peak at one in 1,968 emails.

According to Symantec, spambots remain the primary culprits in the distribution of spam emails, with Necurs (the largest amount of malicious email activity in 2017), Gamut (focuses almost exclusively on advertising spam), Tofsee, BlankSlate, and Waledac being some of the most popular of them.

For malicious payload distribution via email, attackers either use URLs or attachments, with the latter method being the most popular, accounting for 74% of the malicious emails in the first half of 2017.

Email malware increased in September as well, with one in every 312 emails carrying malicious code, the security company says. Thus, September was the sixth month to register growth in email malware. At one in 120 emails, the Agriculture, Forestry, & Fishing sector was impacted the most, followed by the Mining industry at one in 196 emails.

Another noteworthy event in September was the discovery of new links between attacks against the energy sector and the Dragonfly group. Dubbed Dragonfly 2.0, the campaign that Symantec has been monitoring since late 2015 has known victims in the United States, Switzerland and Turkey.

Related: Massive Spam Runs Distribute Locky Ransomware

Related: Hackers Target Control Systems in U.S. Energy Firms: Symantec

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybersecurity Funding

UK-based email security and brand protection solutions provider Red Sift on Thursday announced raising $54 million in a Series B funding round that brings...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Computer maker Lenovo has started pushing security patches to address three vulnerabilities impacting the UEFI firmware of more than 110 laptop models.