November edition of the Symantec Intelligence report provides the latest analysis of cyber security threats, trends and insights from the Symantec Intelligence team concerning malware, spam, and other potentially harmful business risks. The data used to compile the analysis for this report includes data from January through September 2012.
We gathered data on breaches that have occurred so far in 2012 and organized them by the types of information included in the breach. We then organized each type as a percentage of overall breaches, ultimately showing how often the information was exposed across all breaches.
In November, the global ratio of spam in email traffic rose by 4.0 percentage point since October, to 68.8 percent (1 in 1.45 emails). This follows the continuing trend of global spam levels diminishing gradually since the latter part of 2011.
Saudi Arabia overtook Hungry to become the most spammed geography in November, with a spam rate of 83.9 percent.
The Education sector was the most spammed industry sector in November, with a spam rate of 70.9 percent; the spam rate for the non-Profit sector was 70.0 percent. The spam rate for the Gov/Public sector was 69.4 percent.
The spam rate for small to medium-sized businesses (1-250) was 69.4 percent, compared with 68.8 percent for large enterprises (2500+).
Spam Attack Vectors
November highlights the increase in spam emails resulting in NDRs (spam related non-delivery reports). In these cases, the recipient email addresses are invalid or bounced by their service provider.
NDR spam, as shown in the chart above, is often as a result of widespread dictionary attacks during spam campaigns, where spammers make use of databases containing first and last names and combine them to generate random email addresses. A higher-level of activity is indicative of spammers that are seeking to build their distribution lists by ignoring the invalid recipient emails in the bounce-backs. The list can then be used for more targeted spam attacks containing malicious attachments or links. This might indicate a pattern followed by spammers in harvesting the email addresses for some months and using those addresses for targeted attacks in other months.
In November, the global phishing rate decreased by 0.124 percentage points, taking the global average rate to one in 445.1 emails (0.225 percent) that comprised some form of phishing attack.
Analysis of Phishing Web sites
The overall phishing increased by about 8.5 percent this month. Unique domains decreased by about 14 percent as compared to the previous month.
Phishing websites that used automated toolkits increased by 37 percent. Phishing websites with IP domains (for e.g. domains like http://255.255.255.255) decreased by about 19 percent. Webhosting services comprised of 2 percent of all phishing, a decrease of 29 percent from the previous month. The number of non-English phishing sites decreased by 8 percent. Among non-English phishing sites, French, Italian, Portuguese, and Chinese were highest in November.
Tactics of Phishing Distribution
Organizations Spoofed in Phishing Attacks, by Industry
The global ratio of email-borne viruses in email traffic was one in 255.8 emails (0.391 percent) in November, a decrease of 0.05 percentage points since October.
In November, 13.0 percent of email-borne malware contained links to malicious websites, 10.6 percentage points lower than October.
Web-based Malware Threats
In November, Symantec Intelligence identified an average of 1,847 websites each day harboring malware and other potentially unwanted programs including spyware and adware; an increase of 97.9 percent since October. This reflects the rate at which websites are being compromised or created for the purpose of spreading malicious content. Often this number is higher when Web-based malware is in circulation for a longer period of time to widen its potential spread and increase its longevity.
As detection for Web-based malware increases, the number of new websites blocked decreases and the proportion of new malware begins to rise, but initially on fewer websites. Further analysis reveals that 33.3 percent of all malicious domains blocked were new in November; a decrease of 5.2 percentage points compared with October. Additionally, 11.0 percent of all Web-based malware blocked was new in November; a decrease of 0.01 percentage points since October.
The chart above shows the increase in the number of new spyware and adware websites blocked each day on average during November compared with the equivalent number of Web-based malware websites blocked each day.