
Spam Rate Hits Two-Year High

In July 2017, the global spam rate reached the highest level registered since March 2015, fueled by the emergence of malware families attempting to self-spread via email, according to Symantec.

The global spam rate last month was 54.9%, registering a 0.6 percentage point increase compared to the previous month. Driving the rate upwards was, among other factors, the appearance of malware variants that could spread via spam emails.

The surge was also mirrored in an increase in the email malware rate, which reached one in 359 emails in July, up from one in 451 during the previous month. This is the highest rate registered this year, but still lower than the levels registered at the end of last year (the rate reached one in 111 emails in November 2016).

The number of new malware variants, however, went down in July 2017, dropping from 66.3 million to 58.7 million variants, Symantec’s Latest Intelligence report shows.

“This trend in malware being distributed through email seems to be catching on, with several infamous malware families recently adding functionality that allows them to spread via spam email,” Symantec said.

Earlier this year, threats such as WannaCry and NotPetya proved how effective worm-like spreading capabilities could be, and various malware families out there adopted similar tactics. The Emotet banking Trojan added the ability to steal email credentials from infected computers and use them to send spam and spread itself.

The TrickBot banking malware added a module to leverage SMB and spread to computers on the same network (but the functionality isn’t yet active) and also started targeting Outlook data. A ransomware family called Reyptson was observed last month packing the ability to steal Thunderbird email client credentials to send spam messages containing a link to its executable.

“Attackers are increasingly making use of tools already installed on targeted computers or are running simple scripts and shellcode directly in memory. This allows them to minimize the risk of their attacks being discovered and blocked by traditional security tools,” Symantec notes.

The rate of phishing attacks went up as well, reaching one in 1,968 emails, the highest level observed during the past 12 months. The number of web attacks blocked by Symantec decreased slightly, from 1,159,398 per day to 1,158,985 per day. Despite that, July was the fourth consecutive month with elevated web attack activity.

The Mining sector had the highest spam rate (59.1%), followed by Manufacturing (56.9%). The Mining sector had the highest phishing rate at one in 1,263 emails, while the Agriculture, Forestry, & Fishing sector had the highest email malware rate at one in 152 emails. 

During July, security researchers also discovered a new type of attack targeting fresh installations of WordPress. As part of the attack, cybercriminals scan for a specific setup URL used in new installations of the content management system and then take over the installation because it has not yet been configured, replacing legitimate resources with their own and even compromising hosting accounts and all other sites on that account.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
