AppRiver Releases 2010 Year-End Spam Report and Presents 2011 Forecast
AppRiver Releases 2010 Year-End Spam Report and Presents 2011 Forecast
AppRiver, LLC, a leading provider of e-mail messaging and Web security solutions, today released its year-end Threat and Spamscape report, a detailed summary and analysis of spam and malware trends traced over the course of 2010. Over the last twelve months, AppRiver quarantined more than 38 billion spam messages, almost double the amount quarantined just two years ago. Of that total, 450 million messages contained viruses.
According to Fred Touchette, report author and senior security analyst at AppRiver, phishing techniques showed increasing sophistication. Utilizing both traditional and new techniques, Touchette predicts phishing campaigns to be an ever-present trend in 2011. Specifically, Touchette identified the following phishing characteristics that will continue in the coming months:
Pretending to be a Banking Institution-Posing as a trusted bank is a tried and true persona for cyber criminals. Unsuspecting online bankers can quickly become victims, especially when a simple e-mail that appears to be from their bank asks them to log-in. This essentially hands the bad guys account information.Activating Botnets-Despite the take-down of the Pushdo and Bredolab botnets, the presence of botnets does not appear to be going away any time soon. Underground forums that sell kits, mostly ZeuS-based kits, will enable botnets to continue to spew out spam for the foreseeable future. As a result, the ZeuS botnet remains highly dangerous as it continues to target financial information.Capitalizing on Facebook and Twitter-Social networking sites are prime locations for cyber criminals to prey on the naïve and unsuspecting. With such a large cross-section of users, the potential for a successful attack is significant.Targeting Mobile Devices-The steadily increasing use of mobile devices will increase the likelihood of these devices becoming prime targets for malicious attacks. As evidenced by the attack we saw in late August, cyber criminals showed just how easy it is to create a believable Facebook spam campaign targeting smartphone users."E-mail and Web security are becoming more important than ever," said Touchette. "Social networking sites like Facebook and Twitter, along with the proliferation of mobile devices, increase the playing field for the bad guys. Over the past year, we've seen Twitter serve as a transmission mechanism for worms and spam campaigns, something we can expect more of in the next year. We can also expect that with the increased use of the cloud, we will see more malicious campaigns utilizing virtualization. 2011 will be an interesting year for infections and varying types and delivery methods of malware."
Also in the report, Touchette discusses the following specific attacks and general themes from the past year:
Here You Have Worm: Due to its propagating nature, this worm spread quickly across the Internet, using a ".scr" extension that has thrown up red flags for the past two decades.Stuxnet: A calculated cyber warfare attack, Stuxnet made governments realize just how real cyber espionage is. Cyber espionage is likely to increase in frequency as the effectiveness of these attacks becomes clearer. Stuxnet also helped emphasize the importance of implementing patches to keep endpoint security up-to-date.Going Green: Utilizing targeted spear phishing campaigns, hackers attacked more than 2,000 companies in an attempt to steal carbon credits and resell them for large profit.International Events: Whether a tragedy, such as the earthquake in Haiti, or a global sporting event, such as the FIFA World Cup, spammers are quick to try to trick e-mail recipients and Web surfers."Although spam volume increased and threats became more advanced, not everything was bad in 2010," said Touchette. "More than 60 arrests were made regarding the ZeuS botnet and a few other botnets were taken down. I'd say that's Score 1 for the good guys."
The full 2010 Year in Review report can be found at: http://www.appriver.com/reports/pdf/2010YearInReviewAppRiver.pdf.
The full 2011 Forecast report can be found at: http://www.appriver.com/reports/pdf/AppRiver2011Forecast.pdf.