Spam Now Makes Up Nearly Two-Thirds Of All Email

Published: 22/11/2024   Category: security




Spam spikes, and nearly three-fourths of all organizations worldwide have suffered adware-borne infections, according to Cisco's annual cybersecurity report.



Spam now accounts for 65% of all email worldwide, and up to one-fifth of spam is malicious, according to new data from Cisco Systems.
Massive spamming botnets such as Necurs are behind this recent spike in junk and malicious email, Cisco found and noted in its 2017 Annual Cybersecurity Report published this week. Why the revival in spam campaign volume? "It's becoming more of a commercial business enterprise, which in part is driving its explosion," says Cisco vice president and CISO Steve Martino.
"There are organizations building tools and technologies that let other people use and build spam campaigns without knowledge of how to build a spam campaign. As a service model, it's proliferating and allowing more people with less technical skills participate and leverage the technical skills of somebody who has those skills," Martino says.
Cisco found that the DNS-based blackhole list, the Composite Blocking List, shows spam volume reaching the record highs last seen in 2010. The Necurs botnet, which has been used to spread Locky ransomware as well as the Dridex banking Trojan, is the main driver of the spam spike: around June of last year, Necurs added over 200,000 IP addresses in under two hours after a brief respite in the wake of a cybercrime crackdown of the Lurk Trojan in Russia.
New antispam technologies, and high-profile takedowns of spam-related botnets, have helped to keep spam levels low in recent years, Cisco said in its report. That is, until Necurs started to change the game with more malicious activity.
Another relatively old-school cybercrime method had a big year in 2016: adware. Some 75% of organizations have been infected via adware, according to Cisco. "Sadly, this is not a big surprise. We have seen a proliferation and move to malvertising on legitimate websites," says Franc Artes, architect for Cisco's Security Business Group. There are plenty of malvertising development kits available to would-be criminals that, like spam kits, make it easy for a non-technical bad guy to spread malicious adware.
Malicious adware is used for so-called click fraud to make money off of online ads, and is also used as an initial vector for other attacks. Of 130 organizations across various industries, Cisco found 80 different adware variants that conducted everything from ad injection to malware download duties. Three-fourths of those organizations had been hit by an adware infection.
Driving malvertising attacks are so-called bad bots that pose as real humans. "The environment is changing and bots are getting more and more sophisticated as more tools are out there to detect them," says Edward Roberts, director of product marketing at Distil Networks. Across the board, there are silent victims across industries.
Even so, malvertising and spam are nothing new. "We're seeing a return, I think, to the classics. What was old is new again, using techniques we've forgotten about because they were low-profile and are [now] becoming high-profile," Cisco's Martino says.
"Where the attackers can maximize profits, they collaborate with each other, buying and selling services like we sell cloud services. This is giving them opportunities to move faster and to leverage various experts to attack organizations," Cisco's Martino says.
Meanwhile, 44% of security alerts are ignored, according to Cisco's findings. The study found that security pros say they can only investigate 56% of the security alerts they receive each day. About half of those they investigate are real issues (not false alarms), and some 46% of legitimate alarms investigated get fixed. Nearly 45% of security operations managers say they receive some 5,000 security alerts per day.
Cisco's Artes says there are several reasons why SOC managers can't keep up with security alerts. For 35% of those in the study, budgets are the biggest obstacle, he says. "Some 55% of respondents have anywhere from six to 50 different security vendors [products], which can complicate proper correlation and alarms," he notes.
"In every breach that I've seen or looked at or know about, there's been more than one alert. More than one piece of data – had someone seen it or if the system had been able to react, it would've deterred that particular attack," Martino says.
Time to detection is a big issue for organizations today, notes Julien Bellanger, CEO and Co-Founder of Prevoty. "The time to detection is critical. The more relevant the intelligence that's coming from security tools at the network, the endpoint and the application, the faster that detection can happen," he says. A lot of information is generated, but too little is correlated to other events to make sense and be actionable.
Then there's the business fallout of missing that needle in the haystack.
According to the Cisco report, nearly half of organizations say they lost substantial business opportunities after a breach: one in five lost customers and 30% lost revenue.