Necurs is back with a vengeance, according to the security research team at AppRiver. In its Q2 Global Security Report, the company notes that the infamous botnetâs return was one of the major reasons behind the escalation in malware activityâwhich clocked in at 4.2 billion malicious emails and 3.35 billion spam emails between April 1, 2016, and June 30, 2016. For the first time, the report also includes metrics from Web-borne threats, reporting an average of 43 million unique threats daily throughout the second quarter.
AppRiverâs security analyst team quarantined 4.2 billion emails containing malware in Q2, pointing to a continued increase in malware traffic this year and resulting in total of 6.6 billion emails quarantined during the first half of 2016. For comparison, analysts observed 1.7 billion emails containing malware during all of 2015.
Ransomware levels, as predicted in the Q1 Global Security Report, have increased this quarterâand arguably pose the greatest threat to netizens. AppRiverâs security researches predict that the massive volume of malware isnât likely to subside anytime soon. With the likes of Locky and Zepto kidnapping usersâ files until they pay a ransom, malwareâespecially ransomwareâhas become a business of its own.
âOn the Dark Web, organized crime groups have the ability to purchase botnets that unleash ransomware, such as the very popular Locky variant, that help to keep themselves in business and to fund other criminal activities,â said Troy Gill, manager of security research, AppRiver. âIts easy accessibility, coupled with victimsâ willingness to pay to get their files back, contribute to its massive scope.â
The popular channels that malware, like ransomware, travel through include obfuscated JavaScript, malicious macros, and OLEs (Object Linking and Embedding). âEmail and malvertising remain popular ways to trick victims into downloading malware,â said Jon French, security analyst, AppRiver. âItâs as easy as email posing as a faux FedEx receipt requiring the victim to open a .zip attachment to view said receipt, except when the victim opens it, it downloads a malicious payload onto the computer that encrypts all of its files.â
The company did notice a brief dip in malware traffic from June 1, 2016, until June 20, 2016. âThe Necurs botnet went conspicuously quiet over that two-week period,â said Gill. âAround the same time, members of a major Russian organized crime group, Lurk, were arrested. While we canât definitively link the two, we do know that had Necurs not been taken offline, malware traffic certainly would have been much higher.â
Fifty-five percent of spam and malware traffic originated in North America, with Europe coming in second place. Additionally, AppRiverâs SecureSurf⢠Web filtering detected a spike in phishing attempts in June.
To prevent malware attacks, AppRiver recommends organizations have the following systems in place:
· Antispam and antivirus solutions, including protection against Web-borne malware
· Routine, mandatory software updates so that known vulnerabilities are patched
· Double authentication procedures as a safeguard against âwhalingâ and other highly targeted attacks
· Formal security policies and ongoing training to keep employees up to date and aware of their individual role in protecting company networks
AppRiver has included more detail on these attacks and statistics within its Q2 Global Security Report. To read the full report and watch AppRiverâs security analystsâ round table discussion on its findings, visit https://www.appriver.com/about-us/security-reports/global-security-report-2016-quarter-2/.