Brian Pennington

A blog about Cyber Security & Compliance

Tag

white paper

Symantec MessageLabs June 2011 Intelligence Report

Symantec have released their June 2011 Intelligence Report. The Symantec Intelligence Report provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team concerning malware, spam, and other potentially harmful business risks. The analysis in this combined report draws on data from May and June 2011.

Report highlights

  • Spam – 72.9% in June (a decrease of 2.9 percentage points since May 2011)
  • Phishing – One in 330.6 emails identified as Phishing (a decrease of 0.05 percentage points since May 2011)
  • Malware – One in 300.7 emails in June contained malware (a decrease of 0.12 percentage points since May 2011)
  • Malicious Web sites – 5,415 Web sites blocked per day (an increase of 70.8% since May 2011)
  • 35.1% of all malicious domains blocked were new in June (a decrease of 1.7 percentage points since May 2011)
  • 20.3% of all Web-based malware blocked was new in June (a decrease of 4.3 percentage points since May 2011)
  • Review of Spam-sending botnets in June 2011
  • Clicking to Watch Videos Leads to Pharmacy Spam
  • Wiki for Everything, Even for Spam
  • Phishers Return for Tax Returns
  • Fake Donations Continue to Haunt Japan
  • Spam Subject Line Analysis
  • Best Practices for Enterprises and Users

Spam Analysis

In June 2011, the global ratio of spam in email traffic decreased by 2.9 percentage points since May 2011 to 72.9% (1 in 1.37 emails).

Country         May    April   Change %
United States   29%    31%     -2
India           5%     4%      1
Russia          5%     5%
Brazil          5%     5%
Netherlands     5%     5%
Taiwan          3%     4%      -1
South Korea     3%     3%
Uruguay         3%     3%
Ukraine         3%     2%      1
China           2%     3%      -1

As the global spam level declined in June 2011, Saudi Arabia became the most spammed geography, with a spam rate of 82.2%, overtaking Russia, which moved into second position.

In the US, 73.7% of email was spam and 72.0% in Canada. The spam level in the UK was 72.6%. In The Netherlands, spam accounted for 73.0% of email traffic, 71.8% in Germany, 71.9% in Denmark and 70.4% in Australia. In Hong Kong, 72.2% of email was blocked as spam and 71.2% in Singapore, compared with 69.2% in Japan. Spam accounted for 72.3% of email traffic in South Africa and 73.4% in Brazil.

Global Spam Categories

Spam Category Name  June 2011
Pharmaceutical  40%
Adult/Sex/Dating 19%
Watches/Jewelry  18%
Newsletters  12%
Casino/Gambling  7%
Unknown  3%
Degrees/Diplomas  2%
Weight Loss  1%

Phishing Analysis

In June, Phishing activity decreased by 0.06 percentage points since May 2011; one in 286.7 emails (0.349%) comprised some form of Phishing attack.

Phishing Sources: Country  May April % change
United States 44% 55% -11
Chile 15%  15%   unlisted N/A
Canada  5% 5%  
Germany  5% 6% -1
United Kingdom  4% 6% -2
China 2%  2%   unlisted N/A
France 2% 3% -1
Netherlands  2% 2%  
Russia  1% 2% -1
Australia 1% 3% -2

South Africa remained the most targeted geography for Phishing emails in June, with 1 in 111.7 emails identified as phishing attacks. South Africa suffers from a high level of Phishing activity targeting many of its four major national banks, as well as other international financial institutions.

In the UK, phishing accounted for 1 in 130.2 emails. Phishing levels for the US were 1 in 1,270 and 1 in 207.7 for Canada. In Germany Phishing levels were 1 in 1,375, 1 in 2,043 in Denmark and 1 in 543.7 in The Netherlands. In Australia, Phishing activity accounted for 1 in 565.2 emails and 1 in 2,404 in Hong Kong; for Japan it was 1 in 11,179 and 1 in 2,456 for Singapore. In Brazil, 1 in 409.8 emails were blocked as Phishing attacks.

The Public Sector remained the most targeted by phishing activity in June, with 1 in 83.7 emails comprising a Phishing attack. Phishing levels for the Chemical & Pharmaceutical sector were 1 in 897.3 and 1 in 798.3 for the IT Services sector; 1 in 663.2 for Retail, 1 in 151.4 for Education and 1 in 160.8 for Finance.

Email-borne Threats

The global ratio of email-borne viruses in email traffic was one in 300.7 emails (0.333%) in June, a decrease of 0.117 percentage points since May 2011.

The UK remained the geography with the highest ratio of malicious emails in June, with one in 131.9 emails blocked as malicious.

In the US, virus levels for email-borne malware were 1 in 805.2 and 1 in 297.7 for Canada. In Germany virus activity reached 1 in 721.0, 1 in 1,310 in Denmark and in The Netherlands 1 in 390.3. In Australia, 1 in 374.5 emails were malicious and 1 in 666.5 in Hong Kong; for Japan it was 1 in 2,114, compared with 1 in 946.7 in Singapore. In South Africa, 1 in 280.9 emails and 1 in 278.9 emails in Brazil contained malicious content.

With 1 in 73.1 emails being blocked as malicious, the Public Sector remained the most targeted industry in June. Virus levels for the Chemical & Pharmaceutical sector were 1 in 509.4 and 1 in 513.8 for the IT Services sector; 1 in 532.8 for Retail, 1 in 130.4 for Education and 1 in 182.3 for Finance.

Malware Name % Malware
Exploit/SuspLink-d1f2  4.85%
Link-Trojan.Generic.5483393-4cac  2.89%
W32/NewMalware!836b  2.41%
W32/NewMalware!0575 2.39%
Exploit/Link-FakeAdobeReader-8069  2.32%
Trojan.Bredolab!eml-1f08  1.97%
Exploit/LinkAliasPostcard-d361  1.52%
W32/Packed.Generic-7946 1.46%
W32/Bredolab.gen!eml  1.36%
Exploit/FakeAttach-844a 1.39%

Web-based Malware Threats

In June, MessageLabs Intelligence identified an average of 5,415 Web sites each day harboring malware and other potentially unwanted programs including spyware and adware; an increase of 70.8% since May 2011. This reflects the rate at which Web sites are being compromised or created for the purpose of spreading malicious content. Often this number is higher when Web-based malware is in circulation for a longer period of time to widen its potential spread and increase its longevity. The 70.8% rise marks a return to the highest rate since December 2010, as can be seen in the chart below; the rate had previously been diminishing during the first half of 2011.

As detection for Web-based malware increases, the number of new Web sites blocked decreases and the proportion of new malware begins to rise, but initially on fewer Web sites. Further analysis reveals that 35.1% of all malicious domains blocked were new in June; a decrease of 1.7 percentage points compared with May 2011. Additionally, 20.3% of all Web-based malware blocked was new in June; a decrease of 4.3 percentage points since the previous month.

Endpoint Security Threats

The endpoint is often the last line of defense and analysis; however, the endpoint can often be the first line of defense against attacks that spread using USB storage devices and insecure network connections. The threats found here can shed light on the wider nature of threats confronting businesses, especially from blended attacks and threats facing mobile workers. Attacks reaching the endpoint are likely to have already circumvented other layers of protection that may already be deployed, such as gateway filtering. The table below shows the malware most frequently blocked targeting endpoint devices for the last month. This includes data from endpoint devices protected by Symantec technology around the world, including data from clients which may not be using other layers of protection, such as Symantec Web Security.cloud or Symantec Email AntiVirus.cloud.

Malware Name Malware %
W32.Ramnit!html  9.47%
W32.Sality.AE  8.49%
Trojan.Bamital 8.23%
W32.Ramnit.B!inf  7.59%
W32.DownadupageB  3.76%
W32.Virut.CF  2.70%
W32.Almanahe.B!inf  2.50%
W32.SillyFDC  1.99%
Trojan.ADH. 1.91%
Trojan.ADH  1.90%
Generic Detection 16.90%

For further details visit the Symantec website here.

March’s Report summary can be found here.

April’s Report summary can be found here.

May’s Report summary can be found here.

Study: Consumers’ Reaction to Online Fraud

ThreatMetrix, a cloud-based fraud prevention company, and the Ponemon Institute have released the findings of their joint study on consumers and their awareness and appreciation of online fraud.

The study has revealed:

  • 85% of respondents reported being worried and dissatisfied with the level of protection online businesses are providing to stop fraudsters. This percentage is up 5% on the Ponemon study of 2009.
  • 42% of respondents said they have been the victim of online fraud.
  • 80% of victims said they did not report the crime.
  • 19% that said they had reported the fraud only reported to the online business.

“A lot of fraudulent activity goes unreported today, making it difficult for online businesses to fully understand the prominence and seriousness of the problem,” said Reed Taussig, president and CEO, ThreatMetrix. “With a rise in online transactions and activities across devices, more needs to be done to educate online merchants, banks, social outlets and other businesses on how to decrease fraudulent activity.”

Those respondents that expressed concern over online fraud said they felt online merchants, banks and social networks need to take additional steps to prevent fraudsters from stealing consumer information.

  • 68% would allow a trusted online business to place a cookie on their computer to automatically authenticate them
  • 82% indicated that they would expect an online business to offer alternative authentication methods if they were unable to match the consumer’s digital fingerprint to their security system.

“Our survey results help validate the need and consumer preference for technology, such as device identification, to authenticate identity as opposed to using personally identifiable information,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Consumers expressed much more willingness to share data like ISP, computer serial number, type and make, rather than information like date of birth and telephone number.”

Information Consumers are Willing to Allow a Trusted Online Business to Check to Verify Their Identity, or Digitally Fingerprint Their Computer:

1. Serial number of computer 88%
2. Type and make of your computer 83%
3. Internet service provider 76%
4. Browser settings  71%
5. Type of browser  65%
6. IP address 59%
7. Types of software applications residing on your device 54%
8. Email address  46%
9. Purchase history  39%
10. Planned future purchases  35%
11. Date of birth  34%
12. Telephone number  17%
13. Home address  16%
14. Name  14%
15. Zip code 9%
16. Social Security number 4%
17. Driver’s license number 2%

Study findings indicate that consumers have a “positive perception about companies that use authentication and fraud detection tools to prevent online fraud”.

  • 56% of consumers indicated they are ‘more willing’ to shop or browse an online business if they know that company is taking specific measures toward combating fraud.
  • 88% of respondents stated a preference for companies to share information about their device for authentication purposes — as opposed to sharing personal information to verify their identity.

 Read the whole study here.
