Email Spam Surged in 2016: 65% of Emails are Spam

Email spam is seen by many as a productivity draining nuisance. It clogs inboxes and takes up precious time; although the volume of malicious spam has grown significantly in the past 12 months. Email spam remains a major security threat.

In 2010, following takedowns of botnets and arrests of key spammers, spam email volume fell. Spam email volume has since been relatively low. However, a recent analysis of email traffic by Cisco Systems has shown that spam email volume rose significantly last year.

Cisco tracked spam using opt-in customer telemetry and its data show that spam email now accounts for 65% of all emails sent. The sharp rise in email spam has been attributed to the growth of spam botnets such as Necurs. The Necurs botnet is one of the primary vectors used to deliver Locky ransomware and the Dridex banking Trojan.

The number of IP connection blocks added to the botnet increased significantly last year. Between August and October, Cisco reports a doubling of IP addresses used by the botnet, rising from around 200,000 to 400,000 IP addresses during that period.

In 2010, Cisco’s data show that around 5,000 spam emails were being sent every second. While there has been the occasional blip between then and now, spam email volume between 2010 and 2015 has remained at a level of around 1,500 spam emails per second. Last year did not see a return to 2010 levels, but spam email volume did rise to around 3,000 emails per second – Twice the volume seen in 2015.

Spam is unfortunately not just a nuisance. It is a serious security threat. The increase in email spam is not all cheap deals for watches and Viagra. There has been a sharp rise in malicious spam containing links to websites containing exploit kits and other threats, phishing email volume has increased, and there are malicious attachments aplenty.

Spam email has once again become a hugely popular attack vector for cybercriminals and it is being extensively used to spread malware, ransomware, and relieve employees of their credentials.

According to Cisco Systems, between 8% and 10% of spam emails are malicious. However, more significantly, the percentage of malicious emails has tripled over the course of last year and there is nothing to suggest that the trend will not continue in 2017.

The types of malicious attachments being sent are highly varied. Cybercriminals are experimenting with different files types to find out which are the most effective. There have been notable spikes in a wide range of malicious files in the past 12 months: HTA attachments, JavaScript files, zip files, Office documents and spreadsheets containing malicious macros, and WSF files.

Cisco systems reports two distinct tactics used by spammers: hailstorm and snowshoe campaigns. Hailstorm campaigns take advantage of the small window of opportunity between the campaign commencing and antispam solutions detecting the spammers’ malicious IP addresses. While the window may only last for seconds or minutes, during that time vast quantities of spam emails are sent. On the other hand, snowshoe campaigns involve very small quantities of spam being sent from IP addresses in an attempt to fly under the radar of antispam solutions.

With spammers’ tactics constantly evolving and malicious spam email volume increasing, healthcare organizations need to exercise caution. Antispam solutions should be deployed to reduce the risk of malicious messages being delivered to end users and CISOs should keep abreast of the latest threats. Warnings should then be issued to staff to prevent them being fooled by phishing scams and malicious messages containing ransomware/malware downloaders.

The Cisco Annual Cybersecurity Threat Report, which covers a broad range of attack vectors used by cybercriminals in 2016, can be viewed here.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.