July 22, 2016 by Canadian Underwriter
A security analyst team at AppRiver, a cloud-based cybersecurity company based in Gulf Breeze, Fla., quarantined 4.2 billion emails containing malware in the second quarter of 2016, “pointing to a continued increase in malware traffic this year.”
Those emails bring the total quarantined during the first half of 2016 to 6.6 billion. For comparison, analysts observed 1.7 billion emails containing malware during all of 2015, AppRiver said in a press release earlier this week.
According to AppRiver’s Q2 Global Security Report, 57% of spam and malware traffic originated in North America, with Europe coming in second place at 20.9%.
The company also indicated that “Necurs is back with a vengeance,” noting that the infamous botnet’s return was one of the major reasons behind the escalation in malware activity – which clocked in at 4.2 billion malicious emails and 3.35 billion spam emails between April 1 and June 30. For the first time, the report also included metrics from Web-borne threats, reporting an average of 43 million unique threats daily throughout the second quarter.
Ransomware levels, as predicted in the Q1 Global Security Report, have increased this quarter, with AppRiver’s security researchers predicting that the massive volume of malware isn’t likely to subside anytime soon. “With the likes of Locky and Zepto kidnapping users’ files until they pay a ransom, malware – especially ransomware – has become a business of its own,” the release said.
“On the Dark Web, organized crime groups have the ability to purchase botnets that unleash ransomware, such as the very popular Locky variant, that help to keep themselves in business and to fund other criminal activities,” said Troy Gill, manager of security research with AppRiver. “Its easy accessibility, coupled with victims’ willingness to pay to get their files back, contribute to its massive scope.”
Jon French, security analyst at AppRiver, said that “email and malvertising remain popular ways to trick victims into downloading malware. It’s as easy as email posing as a faux FedEx receipt requiring the victim to open a .zip attachment to view said receipt, except when the victim opens it, it downloads a malicious payload onto the computer that encrypts all of its files.”
The company did notice a brief dip in malware traffic from June 1 until June 20. “The Necurs botnet went conspicuously quiet over that two-week period,” Gill said in the release. “Around the same time, members of a major Russian organized crime group, Lurk, were arrested. While we can’t definitively link the two, we do know that had Necurs not been taken offline, malware traffic certainly would have been much higher.”