Today we unveil our Q2 Global Security Report, a detailed summary and analysis of malware and spam trends between April and June 2015. We’ve included a few highlights from our findings below, but you may also read the full Global Security Report.

During the second quarter of 2015, we quarantined 4.7 billion spam messages (81 percent of all email traffic), down from 5.5 billion spam messages in Q1, 2015. We blocked 165 million email messages with attachments that contained viruses in Q2. More than half (51 percent) of all spam traffic in Q2 originated from North America. Total spam traffic originating from North America and Europe accounted for 80 percent of all Q2 spam traffic.

“Q2 proved again to be very active regarding spam generation within North America generating more than half of all global messages again for the third consecutive quarter,” said AppRiver’s senior security analyst Fred Touchette. “It is more important than ever for companies to educate their staff on the seriousness of the breach problem because hackers don’t announce themselves, but rather they attempt to work in darkness to minimize detection ultimately maximizing the size and scope of their breach.”

Memorable Breaches and Malware:

  • Office of Personnel Management Breach: This was the largest Q2 breach and it was massive. Large amounts of personal data was stolen, including family and relative names, financial history, current and past residences, names of neighbors, friends, coworkers, roommates and social security numbers.
  • Amazon-Themed Malware Targets Crypto Currencies:In June, AppRiver discovered an attack posing as legitimate Amazon purchase confirmations attempting to leverage the use of macros in Word documents in order to infect their victims. This malware would attempt to steal account credentials for a lengthy list of FTP and multiple file storage programs as well as various passwords from infected machines, such as those for MS Outlook and installed browsers such as Firefox, IE, Opera and Chrome.
  • Dridex Malware: The malware family known as Dridex had a busy Q2. This banking Trojan is an evolution from its fellow family member Cridex which mainly lived online, waiting for victims to surf past a website that it inhabits in order to achieve infections. However, rather than waiting, Dridex decided to email itself out to the world.
  • LastPass Master Passwords Pilfered: On June 15, LastPass notified customers that they had suffered a breach. The theft of data is concerning because securing passwords is LastPass’ security focus. Email addresses of users, password reminders and authentication hashes were stolen. LastPass did reassure customers that their password vaults were not taken, .ie, a vault contains all of the stored passwords that were saved by the user. It is recommended everyone change their master passwords and also look into using two- factor authentication.

AppRiver is an award-winning email and Web security solution to businesses of all sizes. To learn more about AppRiver’s security services or to enjoy a 30-day free trial, please visit

To the chagrin of many in the title and lending industry, the TILA-RESPA Integrated Disclosure (TRID) deadline is rapidly approaching on October 3, 2015. While we can’t push back the deadline for you, we can offer you a few quick tips to help keep you compliant with the Consumer Financial Protection Bureau’s (CFPB) rules on TRID and nonpublic information (NPI).

1. The Three Day Rule

Three is the magic number for TRID. Under the new rules, lenders must deliver a new Loan Estimate to borrowers no fewer than three days before any documents or fees are collected. Mortgage pre-approvals cannot be issued until three days after the original applications are due to restrictions on when lenders can request supporting income and asset documents.

On the other side, TRID’s Closing Disclosure must be delivered to the borrower at least three days prior to settlement. If there is a change in loan terms which causes the disclosed APR to move by 0.125 in either direction, the three day clock is restarted.

If you plan to snail mail your Loan Estimates and Closing Disclosures to your borrowers, you can add another three days to that clock to account for travel time. However, the travel time can be mitigated with email, since the borrower would receive his Estimate or Disclosure on the same day as it was sent.

2. With Email, Comes NPI Compliance

While email makes sending and receiving Estimate and Disclosure documents much faster than mailing them via the post, you still have to ensure that you’re maintaining NPI compliance in accordance with the CFPB. While these rules have more “don’t do this” than “do this instead” steps, fortunately the American Land and Title Association (ALTA) has issued best practice tips to shepherd title companies towards compliance. While these tips are not mandatory, following them can ease the burden of compliance. Amongst their recommendations:

  • Limit NPI access to only those who need it, such as a loan officer, when they need to access it
  • Conduct background checks on employees who will access NPI
  • NPI should only be transmitted via secure delivery methods, like encrypted email
  • Stay updated on federal and state security breach notification laws

3. Hope for the Best, Prepare for the Worst

Since you’ll be dealing with NPI frequently, it’s imperative that your organization is prepared in case of a data breach, especially if you choose to not encrypt your email. Many states vary in timelines to disclose a breach, how they define a breach, and how much they fine for an infraction. You can prepare your organization for a data breach by establishing standards when handling NPI on the front end and educating your team on what do in case of a data breach on the back end.

A breach NPI privacy can be easy as sending an Estimate or a Disclosure to the wrong inbox. Email Encryption from AppRiver features a message recall feature where you can retract an email after it has been sent, as well as tracking tools so you can see who has read it.

If you’re ready to learn more about how email encryption can keep you compliant, contact us at (866) 233-4645 or


Very soon, major changes are coming to the title industry. On October 3, 2015, Truth in Lending Act and Real Estate Settlement Procedures Act (TILA-RESPA) will add a new set of regulations to the title industry to help safeguard consumers from non-public information (NPI) data breaches. While this is a win for consumers, it can leave title companies vexed as they try to determine the best course for compliance with the new regulations.

Fortunately, the American Land Title Association (ALTA) has issued NPI best practices guidelines for title companies. While the guidelines are not mandatory, they can ease the burden of research on small title companies by showing them the easiest way to protect their clients and themselves. Between July and December 2014, over $19 million in remediation was paid out to more than 92,000 consumers for infractions with Consumer Financial Protection Bureau (CFPB) compliance regulations. As the regulations toughen in October, this number can only be expected to rise.

One of the simplest ways to keep your business compliant is with email encryption. As recommended by the ALTA’s Best Practices Pillar 3, email encryption can help you stay compliant by sending NPI securely, mitigating the risk of a data breach via unsecure email. AppRiver’s email encryption service, CipherPost Pro™ includes an FYEO feature and message tracking, freezing and recalling options, helping to ensure than sensitive data is received only by its intended recipients.


Over the past week we have been monitoring (and blocking) a stream of malicious emails attempting to pose as legitimate Amazon purchase confirmations. The messages simply state that your order has been confirmed and contains a small amount of details. The user being target is directed to the attached .doc file for the shipping and tracking details.

amazon malware

In order for the .doc (MD5sum=998692c0e93d4821c069aa96ddff800c) to actually infect the user’s machine they must have Macro’s enabled for MS Word. Thankfully for most users, Macros are disabled by default in current versions. However, for those who already have it enabled or chose to follow the prompt and enable them an infection will occur. The malware contained in these messages is identified as part of the Fareit malware family. This family of malware is often distributed via Word documents with malicious macros embedded and has been known to drop multiple malware variants on the target machine.

In this particular case the malware quickly goes to work attempting to steal your Outlook password along with website passwords from various browsers such as Firefox, IE, Chrome and Opera. It then attempts to harvest account credentials for a lengthy list of FTP and multiple file storage programs. In addition it begins pilfering the target machine for just about every type of Crypto currency in existence. Including:

callout3This behavior (stealing Crypto currency) is something we have been seeing with more frequency as of late. The anonymous nature and lack of regulation in the Crypto Currency market make it more akin to stealing actual cash than to committing wire fraud by raiding someones online bank accounts. But in this case the cybercriminals are  o.k. with that too… The last observed behavior was to drop a copy of the Zeus Trojan to be used to capture and steal bank related information.

Recently, we learned of a federal data breach involving the personal records of around four million current and former government employees. While information about the scope of the attack is still developing, we do know that US investigators are saying that it could affect nearly every government agency and is likely the largest federal government data breach to date. US investigators believe they can trace the attack to the Chinese government, claims that Beijing has called baseless.

In regards to cybersecurity, relations between the US and China haven’t been the best in the past. Each side has pointed fingers in cyberattacks before, with the US saying not too long ago the Chinese government may have stolen terabytes worth of data about a new jet fighter being developed. This latest attack further enforces the idea that nations are moving towards cyber warfare with each other. These sorts of attacks are becoming more and more common in the news, and we’re now seeing nations forming cybersecurity divisions devoted to protecting national security as well as have offensive abilities.

With over four million records stolen of government employees in this breach, a question that comes up is “what will they do with all of that data?” US officials believe China is trying to compile a large database of Americans’ sensitive data, but they are unsure of the purpose of that database. While they may just take the stolen data and save it, it’s possible there could be other ideas in store for it, such as fraud and impersonation. The data could be sold to other governments that may want it for their own use for attacks, or they could even use the information gained to have further successful attacks in the future.

This is also a grim reminder that anyone with sensitive data needs to stay on top of security. Whether you are a small business or a national government, there is always someone out there that wants to get a hold of your data. It was mentioned this breach of data occurred right before the adoption of tougher security controls.  In this instance, they were unfortunately too late, but this is a good reason to show why putting off updates and security upgrades can be a bad idea. If there is a soft spot in security somewhere, it’s just a matter of time before an attacker may find it and exploit it.