GULF BREEZE, Fla. – Necurs, a nasty piece of malware, is back with a vengeance, according to the security research team at AppRiver.
In its most recent Global Security Report, the company notes that the infamous botnet’s return is a major reason for the escalation in malware activity—which clocked in at 4.2 billion malicious emails and 3.35 billion spam emails between April 1, 2016, and June 30, 2016. For the first time, the report also includes metrics from Web-borne threats, reporting an average of 43 million unique threats daily throughout the second quarter.
AppRiver quarantined 4.2 billion emails containing malware in the second quarter, pointing to a continued increase in malware traffic this year and resulting in total of 6.6 billion emails quarantined during the first half of 2016.
For comparison, analysts observed 1.7 billion emails containing malware during all of 2015.
Ransomware levels, as predicted in the first quarter Global Security Report, increased as well, and arguably pose the greatest threat. AppRiver’s security researchers predict that the massive volume of malware isn’t likely to subside anytime soon. With weapons like Locky and Zepto kidnapping users’ files until they pay a ransom, malware – especially ransomware – is a business of its own.
“On the Dark Web, organized crime groups have the ability to purchase botnets that unleash ransomware, such as the very popular Locky variant, that help to keep themselves in business and to fund other criminal activities,” said Troy Gill, manager of security research, AppRiver. “Its easy accessibility, coupled with victims’ willingness to pay to get their files back, contribute to its massive scope.”
“Email and malvertising remain popular ways to trick victims into downloading malware,” said Jon French, security analyst, AppRiver. “It’s as easy as email posing as a faux FedEx receipt requiring the victim to open a .zip attachment to view said receipt, except when the victim opens it, it downloads a malicious payload onto the computer that encrypts all of its files.”
The company did notice a brief dip in malware traffic from June 1, 2016, until June 20, 2016.
“The Necurs botnet went conspicuously quiet over that two-week period,” said Gill. “Around the same time, members of a major Russian organized crime group, Lurk, were arrested. While we can’t definitively link the two, we do know that had Necurs not been taken offline, malware traffic certainly would have been much higher.”
Fifty-five percent of spam and malware traffic originated in North America, with Europe coming in second place. Additionally, AppRiver’s SecureSurf Web filtering detected a spike in phishing attempts in June.
To prevent malware attacks, AppRiver recommends the following steps:
- Antispam and antivirus solutions, including protection against Web-borne malware;
- Routine, mandatory software updates so that known vulnerabilities are patched;
- Double authentication procedures as a safeguard against “whaling” and other highly targeted attacks; and,
- Formal security policies and ongoing training to keep employees up to date and aware of their individual role in protecting company networks.
AppRiver has included more details on these attacks and statistics within its Q2 Global Security Report.
AppRiver offers cloud-based cybersecurity and productivity services to 47,000 companies worldwide, with more than 10 million mailboxes under its protection. Launched in 2002 as a spam and virus filtering company, AppRiver added Web malware protection, email encryption, secure archiving and email continuity to its suite of security services. The company also provides Office 365 and Secure Hosted Exchange. All services are offered on a pay-as-you-use basis with a free, fully supported 30-day trial and 24/7 U.S.-based Phenomenal Care. The company claims to maintain an annual 93 percent customer retention rate. AppRiver is headquartered in Florida and maintains offices in Georgia, Texas, New York, Switzerland and Spain. To learn more, visit AppRiver’s website.