Latest Intelligence for November 2017

Some of the key takeaways from November’s Latest Intelligence, and the threat landscape in general, include increases in spam and phishing rates surrounding key shopping dates, new Android malware, and new research published regarding an attack group.

Spam

The spam rate increased in November, up 0.6 percentage points from October, following back-to-back months where the rate declined. At 55.5 percent, this is the highest spam rate seen since March 2015.

The month of November tends to come with elevated spam rates, having had the highest rate for 2016 and second-highest in 2015. Given how major shopping events in November, such as Black Friday, Cyber Monday, and Singles Day, tend to lead to an increase in email spam, these increases likely come as little surprise.

In fact, over the Black Friday to Cyber Monday weekend, the Necurs botnet appears to have sent out a massive volume of spam. The particular campaign appears to be an attempt to compromise the email recipients’ computers with ransomware.

Phishing

The phishing rate also increased in November, where 1 in every 2,560 emails was a phishing attempt. This is the first monthly increase in the rate seen since it reached a 12-month high back in July of this year.

One particular scam seen in the lead up to Black Friday involved SMS and messaging apps, where the messages appear to come from legitimate companies. However, rather than legitimate offers, these messages attempt to steal personal information from the unsuspecting recipient.

Mobile

There were three new Android malware threats seen in November. Tying again into the holiday shopping period, two of these threats—Android.Doublehidden and Android.Fakeyouwon—display advertisements and present fake offers, respectively. The third threat, Android.Rootnik.B, installs a rootkit on the compromised device.

Malware

The email malware rate declined slightly in November, dropping from 1 in 355 emails to 1 in 505. This is the lowest rate seen since April, 2017 and declines were seen across all industry sectors and organization sizes.

In November, Symantec identified an attack group targeting specific organizations in South America and Southeast Asia. Dubbed Sowbug, the group has been observed stealing documents from the organizations that it manages to break into, most of which appear to be foreign policy and diplomatic targets.

This is just a snapshot of the news for the month. Check out the Latest Intelligence for the big picture of the threat landscape with more charts, tables, and analysis.