In July 2017, the global spam rate reached the highest level registered since March 2015, fueled by the emergence of malware families attempting to self-spread via email, according to Symantec.
The global spam rate last month was 54.9%, registering a 0.6 percentage point increase compared to the previous month. Driving the rate upwards was, among other factors, the appearance of malware variants that could spread via spam emails.
The surge was also mirrored in an increase in the email malware rate, which reached one in 359 emails in July, up from one in 451 during the previous month. This is the highest rate registered this year, but still lower than the levels registered at the end of last year (the rate reached one in 111 emails in November 2016).
The number of new malware variants, however, went down in July 2017, dropping from 66.3 million to 58.7 million variants, Symantec’s Latest Intelligence report shows.
“This trend in malware being distributed through email seems to be catching on, with several infamous malware families recently adding functionality that allows them to spread via spam email,” Symantec said.
Earlier this year, threats such as WannaCry and NotPetya proved how effective worm-like spreading capabilities could be, and various malware families out there adopted similar tactics. The Emotet banking Trojan added the ability to steal email credentials from infected computers and use them to send spam and spread itself.
The TrickBot banking malware added a module to leverage SMB and spread to computers on the same network (but the functionality isn’t yet active) and also started targeting Outlook data. A ransomware family called Reyptson was observed last month packing the ability to steal Thunderbird email client credentials to send spam messages containing a link to its executable.
“Attackers are increasingly making use of tools already installed on targeted computers or are running simple scripts and shellcode directly in memory. This allows them to minimize the risk of their attacks being discovered and blocked by traditional security tools,” Symantec notes.
The rate of phishing attacks went up as well, reaching one in 1,968 emails, the highest level observed during the past 12 months. The number of web attacks blocked by Symantec decreased slightly, from 1,159,398 per day to 1,158,985 per day. Despite that, July was the fourth consecutive month with elevated web attack activity.
The Mining sector had the highest spam rate (59.1%), followed by Manufacturing (56.9%). The Mining sector had the highest phishing rate at one in 1,263 emails, while the Agriculture, Forestry, & Fishing sector had the highest email malware rate at one in 152 emails.
During July, security researchers also discovered a new type of attack targeting fresh installations of WordPress. As part of the attack, cybercriminals scan for a specific setup URL used in new installations of the content management system and then take over the installation because it hasn’t yet been configured, replacing legitimate resources with their own and even compromising hosting accounts and all other sites on that account.