Spam has been around almost since the internet was first created. In fact the first spam message was sent out through ARPANET which is the predecessor to the internet we know now. If you have an email address, it’s very likely you get spam messages as well. Sending spam emails is a tactic that’s still around today because it’s a tactic that works. Fortunately with the hunt for shutting down botnets and people being more security focused, it makes spamming less effective and thus less profitable for spammers. With money powering most spam activities, stopping spam impacts income which can in theory lead to less people turning to spam tactics as a viable option of making money.

Here at AppRiver, we still see spam all day every day.  In June 2015, for example, the month averaged out to be 80% spam for all traffic seen (low: 72% and high: 95%). This is about average overall for our normal spam traffic we see month to month. The high points are normally going to be the weekdays and the low points are during the weekend when traffic is at its lowest across the board.

graph1

Looking even further back gives a better picture about fluctuations in traffic. These fluctuations can happen for all sorts of reasons like new botnets coming on and offline, Governments/ISPs cracking down on spammers, or just down to timing depending on what spammers are active out there. But the overall trend over this time has been pretty steady. Seeing traffic double or triple for a short time is pretty normal in our filtering, as well as big drop offs. In the end though traffic usually levels out to an average amount.

all_

Virus traffic is something that hasn’t sustained any large leaps in volume, but we have seen that over about the past year the traffic has been relatively steady. We haven’t been seeing the drastic spikes in virus traffic that used to be more common. This isn’t to say virus traffic has lowered, but instead it’s at a more constant flow than it was a year or more ago. With things like Cryptowall viruses and Macro documents being popular and effective, we expect to continue seeing those come in.

virus

Looking ahead and giving an opinion, I don’t see email traffic making a huge change in trend of volume, up or down. There have been times in the past where major takedowns have affected traffic globally for everyone out there, but these days a lot of spam comes from botnets instead of just large hosting providers that didn’t care about spam. These botnets are much harder to be tracked down and stopped given how many computers are connected and infected on the internet. Stopping botnets is a delicate task that primarily involves taking down the command and control servers. But with how sophisticated botnets have become and seeing them constantly evolve, there are redundancies they build in to try and thwart any takedown attempts.

With a combination of email and web protection that can block unwanted traffic, we’re constantly in a battle to try and stay ahead of new methods and technologies spammers and attackers are using to get spam to someone’s inbox or infect their computers with the latest virus threats out there.

Today we unveil our Q2 Global Security Report, a detailed summary and analysis of malware and spam trends between April and June 2015. We’ve included a few highlights from our findings below, but you may also read the full Global Security Report.

During the second quarter of 2015, we quarantined 4.7 billion spam messages (81 percent of all email traffic), down from 5.5 billion spam messages in Q1, 2015. We blocked 165 million email messages with attachments that contained viruses in Q2. More than half (51 percent) of all spam traffic in Q2 originated from North America. Total spam traffic originating from North America and Europe accounted for 80 percent of all Q2 spam traffic.

“Q2 proved again to be very active regarding spam generation within North America generating more than half of all global messages again for the third consecutive quarter,” said AppRiver’s senior security analyst Fred Touchette. “It is more important than ever for companies to educate their staff on the seriousness of the breach problem because hackers don’t announce themselves, but rather they attempt to work in darkness to minimize detection ultimately maximizing the size and scope of their breach.”

Memorable Breaches and Malware:

  • Office of Personnel Management Breach: This was the largest Q2 breach and it was massive. Large amounts of personal data was stolen, including family and relative names, financial history, current and past residences, names of neighbors, friends, coworkers, roommates and social security numbers.
  • Amazon-Themed Malware Targets Crypto Currencies:In June, AppRiver discovered an attack posing as legitimate Amazon purchase confirmations attempting to leverage the use of macros in Word documents in order to infect their victims. This malware would attempt to steal account credentials for a lengthy list of FTP and multiple file storage programs as well as various passwords from infected machines, such as those for MS Outlook and installed browsers such as Firefox, IE, Opera and Chrome.
  • Dridex Malware: The malware family known as Dridex had a busy Q2. This banking Trojan is an evolution from its fellow family member Cridex which mainly lived online, waiting for victims to surf past a website that it inhabits in order to achieve infections. However, rather than waiting, Dridex decided to email itself out to the world.
  • LastPass Master Passwords Pilfered: On June 15, LastPass notified customers that they had suffered a breach. The theft of data is concerning because securing passwords is LastPass’ security focus. Email addresses of users, password reminders and authentication hashes were stolen. LastPass did reassure customers that their password vaults were not taken, .ie, a vault contains all of the stored passwords that were saved by the user. It is recommended everyone change their master passwords and also look into using two- factor authentication.

AppRiver is an award-winning email and Web security solution to businesses of all sizes. To learn more about AppRiver’s security services or to enjoy a 30-day free trial, please visit www.appriver.com.

To the chagrin of many in the title and lending industry, the TILA-RESPA Integrated Disclosure (TRID) deadline is rapidly approaching on October 3, 2015. While we can’t push back the deadline for you, we can offer you a few quick tips to help keep you compliant with the Consumer Financial Protection Bureau’s (CFPB) rules on TRID and nonpublic information (NPI).

1. The Three Day Rule

Three is the magic number for TRID. Under the new rules, lenders must deliver a new Loan Estimate to borrowers no fewer than three days before any documents or fees are collected. Mortgage pre-approvals cannot be issued until three days after the original applications are due to restrictions on when lenders can request supporting income and asset documents.

On the other side, TRID’s Closing Disclosure must be delivered to the borrower at least three days prior to settlement. If there is a change in loan terms which causes the disclosed APR to move by 0.125 in either direction, the three day clock is restarted.

If you plan to snail mail your Loan Estimates and Closing Disclosures to your borrowers, you can add another three days to that clock to account for travel time. However, the travel time can be mitigated with email, since the borrower would receive his Estimate or Disclosure on the same day as it was sent.

2. With Email, Comes NPI Compliance

While email makes sending and receiving Estimate and Disclosure documents much faster than mailing them via the post, you still have to ensure that you’re maintaining NPI compliance in accordance with the CFPB. While these rules have more “don’t do this” than “do this instead” steps, fortunately the American Land and Title Association (ALTA) has issued best practice tips to shepherd title companies towards compliance. While these tips are not mandatory, following them can ease the burden of compliance. Amongst their recommendations:

  • Limit NPI access to only those who need it, such as a loan officer, when they need to access it
  • Conduct background checks on employees who will access NPI
  • NPI should only be transmitted via secure delivery methods, like encrypted email
  • Stay updated on federal and state security breach notification laws

3. Hope for the Best, Prepare for the Worst

Since you’ll be dealing with NPI frequently, it’s imperative that your organization is prepared in case of a data breach, especially if you choose to not encrypt your email. Many states vary in timelines to disclose a breach, how they define a breach, and how much they fine for an infraction. You can prepare your organization for a data breach by establishing standards when handling NPI on the front end and educating your team on what do in case of a data breach on the back end.

A breach NPI privacy can be easy as sending an Estimate or a Disclosure to the wrong inbox. Email Encryption from AppRiver features a message recall feature where you can retract an email after it has been sent, as well as tracking tools so you can see who has read it.

If you’re ready to learn more about how email encryption can keep you compliant, contact us at (866) 233-4645 or sales@appriver.com.

 

Very soon, major changes are coming to the title industry. On October 3, 2015, Truth in Lending Act and Real Estate Settlement Procedures Act (TILA-RESPA) will add a new set of regulations to the title industry to help safeguard consumers from non-public information (NPI) data breaches. While this is a win for consumers, it can leave title companies vexed as they try to determine the best course for compliance with the new regulations.

Fortunately, the American Land Title Association (ALTA) has issued NPI best practices guidelines for title companies. While the guidelines are not mandatory, they can ease the burden of research on small title companies by showing them the easiest way to protect their clients and themselves. Between July and December 2014, over $19 million in remediation was paid out to more than 92,000 consumers for infractions with Consumer Financial Protection Bureau (CFPB) compliance regulations. As the regulations toughen in October, this number can only be expected to rise.

One of the simplest ways to keep your business compliant is with email encryption. As recommended by the ALTA’s Best Practices Pillar 3, email encryption can help you stay compliant by sending NPI securely, mitigating the risk of a data breach via unsecure email. AppRiver’s email encryption service, CipherPost Pro™ includes an FYEO feature and message tracking, freezing and recalling options, helping to ensure than sensitive data is received only by its intended recipients.

 

Over the past week we have been monitoring (and blocking) a stream of malicious emails attempting to pose as legitimate Amazon purchase confirmations. The messages simply state that your order has been confirmed and contains a small amount of details. The user being target is directed to the attached .doc file for the shipping and tracking details.

amazon malware

In order for the .doc (MD5sum=998692c0e93d4821c069aa96ddff800c) to actually infect the user’s machine they must have Macro’s enabled for MS Word. Thankfully for most users, Macros are disabled by default in current versions. However, for those who already have it enabled or chose to follow the prompt and enable them an infection will occur. The malware contained in these messages is identified as part of the Fareit malware family. This family of malware is often distributed via Word documents with malicious macros embedded and has been known to drop multiple malware variants on the target machine.

In this particular case the malware quickly goes to work attempting to steal your Outlook password along with website passwords from various browsers such as Firefox, IE, Chrome and Opera. It then attempts to harvest account credentials for a lengthy list of FTP and multiple file storage programs. In addition it begins pilfering the target machine for just about every type of Crypto currency in existence. Including:

callout3This behavior (stealing Crypto currency) is something we have been seeing with more frequency as of late. The anonymous nature and lack of regulation in the Crypto Currency market make it more akin to stealing actual cash than to committing wire fraud by raiding someones online bank accounts. But in this case the cybercriminals are  o.k. with that too… The last observed behavior was to drop a copy of the Zeus Trojan to be used to capture and steal bank related information.