This past month of January we saw a pretty incredible spike in virus traffic. Other unsolicited emails ebbed and flowed throughout the month resulting in a regular average amount of traffic after all was said and done.
The biggest news that everyone was talking about at the top of the2014 was all of the major breaches that made the headlines. Target was the first to enter the spotlight first announcing that between the period of Black Friday and December 6th malware that was placed directly on their POS systems siphoned off around 40 million customer credit and debit card numbers as well as information associated with those accounts. Though as time went on that number began to increase, first to 70 million and then on to over 100 million accounts compromised. After Target other companies began announcing similar breaches including Neiman Marcus and Michael’s.
This brought to light new strains of malware that were written to attack right at the source, at the point of sale itself. The moment customers swiped their cards in-store at the business, the malware would take all of that card information directly from RAM on the POS computer. Several variants of this POS malware began to surface that used this very technique known as RAM scraping. Malware such as BlackPOS, Alina, Dexter and vSkimmer to name a few have become popular in underground forums.
BlackPOS or Kaptoxa as it’s known to some was accredited as the malware used in the Target breach. It was being sold at the time for around $2000 USD by a Russian seventeen year old named Sergey Taraspov who authored the malicious code. Even though Taraspov created this malware it is assumed that he was not to blame for the attacks on these major retailers, rather it was one of Sergey’s customers that was responsible for this major breach.
In addition to these attacks, Yahoo also announced a major breach of their email accounts. Though not related to the Target, Neiman Marcus breaches, this one also proved to be rather alarming. The goal here for the attackers was passwords. Once the Yahoo users’ passwords were stolen from a third party database hack, the attackers then accessed and monitored email for these accounts looking for mentions of other accounts that the victims may have, such as bank accounts or even other email accounts. The attackers then attempted to use the stolen Yahoo passwords on other accounts owned by the victims. For those who like to use the same password across several accounts, this proved to be a costly security oversight. We’ve said it a thousand time before and we’ll continue to ad nauseum, in addition to making sure your password is strong, never use the same one twice and the Yahoo breach is a perfect example as to why.
Here are a few metrics that we saw in January:
Though traffic was close to normal, the four day spike from the 7th-10th was enough to push this month’s total virus message count to the highest monthly total since Q3 of 2008. (269,108,311 virus-laden messages were quarantined in January 2014.) The traffic on Jan.7th-10th was roughly 40 times the daily average, which is typically about 2+million emails containing a virus attachment.
Spam was high and low throughout the month which led to an average total for January. 2,501,096,184 messages were quarantined total in January.