What’s causing the rise of SPAM?
A report published today by Cisco’s Talos team highlights that, since February this year, spam levels have been slowly growing from 200K messages per day to around 450K. The last five years have been a relatively calm period with respect to spam levels. At the turn of the decade, the world was experiencing record-high volumes of spam. With the evolution of new anti-spam technologies, combined with some high-profile take-downs of spam-related botnets, voluminous and indiscriminate spam attacks fell precipitously in popularity with spammers.
2016 has seen overall spam volumes creep back up to a level that we have not seen for a very long time. Cisco puts most of the blame on the Necurs botnet, which they say is responsible for most of the junk email traffic today. But the bots of today are more sophisticated than the bots of the past. They operate in semi-stealth mode, which makes their identification (and subsequent removal or blocking) difficult. An infected host might be used for two to three days, and then sometimes not again for two to three weeks. This confuses anti-spam mechanisms, so the host operates freely for many months until its inevitable detection.
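The burst-then-sleep pattern described above is something a mail administrator can look for in their own logs. The following Python is an added example (not code from the Talos report or from the original post): it groups a constructed "date source_ip" mail log by sender, splits each sender's active days into runs, and flags sources whose history consists only of short bursts separated by long silences; the IP addresses, thresholds and log format are all assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

def build_sample_lines():
    """Constructed mail-log sample, one 'YYYY-MM-DD src_ip' line per accepted message (not real data)."""
    lines = []
    # Hypothetical bot: three short bursts separated by weeks of silence.
    for d in ("2016-03-01", "2016-03-02", "2016-03-03",
              "2016-03-22", "2016-03-23",
              "2016-04-12", "2016-04-13", "2016-04-14"):
        lines.append(f"{d} 198.51.100.7")
    # Hypothetical legitimate relay: sends every day for 45 days.
    for i in range(45):
        lines.append(f"{date(2016, 3, 1) + timedelta(days=i)} 203.0.113.9")
    # One-off sender: a single message, not enough history to judge.
    lines.append("2016-03-10 192.0.2.44")
    return lines

def active_days(lines):
    """Map each source IP to the sorted list of distinct days on which it sent mail."""
    days = defaultdict(set)
    for line in lines:
        day, ip = line.split()
        days[ip].add(date.fromisoformat(day))
    return {ip: sorted(s) for ip, s in days.items()}

def bursts(days):
    """Split a sorted list of days into runs of consecutive days, returned as (first, last) pairs."""
    runs = []
    for d in days:
        if runs and d - runs[-1][1] == timedelta(days=1):
            runs[-1][1] = d          # extend the current run
        else:
            runs.append([d, d])      # start a new run
    return [(a, b) for a, b in runs]

def flag_intermittent(lines, max_burst_days=3, min_gap_days=14):
    """Return sources whose activity is only short bursts separated by long silences."""
    flagged = {}
    for ip, days in active_days(lines).items():
        runs = bursts(days)
        if len(runs) < 2:
            continue  # a single run gives no evidence of a burst/sleep cycle
        short = all((b - a).days + 1 <= max_burst_days for a, b in runs)
        gaps = [(runs[i + 1][0] - runs[i][1]).days for i in range(len(runs) - 1)]
        if short and all(g >= min_gap_days for g in gaps):
            flagged[ip] = runs
    return flagged

if __name__ == "__main__":
    for ip, runs in flag_intermittent(build_sample_lines()).items():
        print(ip, [(str(a), str(b)) for a, b in runs])
```

A flagged source is a candidate for closer inspection or reputation scoring, not an automatic block; a legitimate sender with a sporadic schedule would match the same pattern.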
That’s not the only difference between 2010 and 2016.
Today, the same botnet that previously delivered only Russian dating and stock pump-n-dump spam has changed strategy and is deploying messages with malicious files attached. These botnets help propagate the Dridex banking Trojan and variants of the Locky ransomware. This is a very grave development.
Until now, most ransomware and Trojan distribution campaigns were dependent on the hacker’s ability to generate a specific list of email addresses and send to it. Now, with the botnet taking this role, cyber criminals can kick back and have someone else (albeit non-human) do their dirty distribution work.
Our course of action
We, the potential victims of spam, are in great need of more robust and advanced email security mechanisms; spam filters alone can no longer protect us and our organizations. To protect against such attacks, we must strengthen our security by creating layered defenses that detect them. Offline back-ups are very important, as is creating, reviewing, and testing a restoration plan.