Some of the key takeaways from October’s Latest Intelligence, and the threat landscape in general, include research on the most likely infection vectors, malicious security tools, and a scam targeting tax professionals.
Malware
The email malware rate declined last month for the first time since March. However, at one in 355 emails, the rate is higher now than it was the last time it declined, due to six straight months where the rate went up. The Agriculture, Forestry, and Fishing sector saw the highest rates across industries, followed by Mining in second place and Wholesale Trade in third.
New research conducted by Symantec, and published in a new white paper, has discovered that users are twice as likely to encounter threats through email as they are through other infection vectors, such as exploit kits. Other findings described in the white paper show that one in nine email users encountered email malware in the first half of 2017 and approximately 8,000 businesses each month are targeted by business email compromise (BEC) scams.
Figure 1. Users are twice as likely to encounter threats through email as they are through other infection vectors
Spam
The global spam rate declined slightly in October for the second month in a row, down 0.1 percentage points. This follows a two-and-a-half year high in July, where the spam rate peaked at 55.3 percent. At 59.4 percent, the Mining sector had the highest spam rate, though it was down 0.2 percentage points. The Manufacturing sector came in second, with a rate of 56.4 percent.
One spam-related story in October highlights the importance of vetting security tools prior to use. A WordPress plug-in that mimics a popular antispam tool was discovered to contain a backdoor. The tool, named X-WP-SPAM-SHIELD-PRO after the popular WP-SpamShield antispam tool, also disables other WordPress plugins, steals data, and creates a hidden admin account if it is installed on a web server.
Phishing
There was a slight decline in the phishing rate last month, which dropped to one in 3,183 emails. This is the third month in a row that the rate as declined after reaching a 12-month high in July. The Agriculture, Forestry, and Fishing sector topped the list of industries receiving phishing emails, followed by Mining and Public Administration, which came in second and third, respectively.
The Internal Revenue Service (IRS) is warning of another phishing scam intent on tricking tax professionals into giving up the personal details of their clients. The scam arrives as phishing emails that appear to come from a legitimate cloud-storage company. Sensitive client information is put at risk if the tax professional, thinking the site is legitimate, enters client details into the phishing site. The scammers may then use the details entered to carry out identity theft.
Mobile & Social Media
Once again, Manual Sharing topped the list of social media scams, where it comprised more than 67 percent of scams in October. Like Jacking saw the largest increases in activity, up 4.29 percentage points over September.
Figure 2. Manual Sharing comprised more than 67 percent of scams in October
A scam was discovered on Twitter last month that can result in attackers taking over a user’s account. The scam is run through an app that claims that it can show you who has visited your profile page. If a user grants the app access to their account, it will send spam messages from the compromised account.
There was one new Android malware family discovered in October. Android.Sockbot is a Trojan horse that creates a SOCKS proxy on the compromised device and appears to be used by attackers to generate advertising traffic for online ad fraud.
This is just a snapshot of the news for the month. Check out the Latest Intelligence for the big picture of the threat landscape with more charts, tables, and analysis.