Today we unveil our Q2 Global Security Report, a detailed summary and analysis of malware and spam trends between April and June 2015. We’ve included a few highlights from our findings below, but you may also read the full Global Security Report.
During the second quarter of 2015, we quarantined 4.7 billion spam messages (81 percent of all email traffic), down from 5.5 billion spam messages in Q1 2015. We blocked 165 million email messages with attachments that contained viruses in Q2. More than half (51 percent) of all spam traffic in Q2 originated from North America. Total spam traffic originating from North America and Europe accounted for 80 percent of all Q2 spam traffic.
“Q2 proved again to be very active regarding spam generation within North America generating more than half of all global messages again for the third consecutive quarter,” said AppRiver’s senior security analyst Fred Touchette. “It is more important than ever for companies to educate their staff on the seriousness of the breach problem because hackers don’t announce themselves, but rather they attempt to work in darkness to minimize detection ultimately maximizing the size and scope of their breach.”
Memorable Breaches and Malware:
- Office of Personnel Management Breach: This was the largest Q2 breach and it was massive. Large amounts of personal data were stolen, including family and relative names, financial history, current and past residences, names of neighbors, friends, coworkers, roommates and Social Security numbers.
- Amazon-Themed Malware Targets Crypto Currencies: In June, AppRiver discovered an attack posing as legitimate Amazon purchase confirmations that attempted to leverage macros in Word documents in order to infect its victims. This malware would attempt to steal account credentials for a lengthy list of FTP and multiple file storage programs as well as various passwords from infected machines, such as those for MS Outlook and installed browsers such as Firefox, IE, Opera and Chrome.
- Dridex Malware: The malware family known as Dridex had a busy Q2. This banking Trojan is an evolution of its fellow family member Cridex, which mainly lived online, waiting for victims to surf past a website that it inhabited in order to achieve infections. However, rather than waiting, Dridex decided to email itself out to the world.
- LastPass Master Passwords Pilfered: On June 15, LastPass notified customers that it had suffered a breach. The theft of data is concerning because securing passwords is LastPass’ security focus. Email addresses of users, password reminders and authentication hashes were stolen. LastPass did reassure customers that their password vaults were not taken; a vault contains all of the stored passwords that were saved by the user. It is recommended that everyone change their master passwords and also look into using two-factor authentication.
AppRiver is an award-winning email and Web security solution to businesses of all sizes. To learn more about AppRiver’s security services or to enjoy a 30-day free trial, please visit www.appriver.com.