Huge spam campaign drops Trojan on UK bank customers
Huge spam campaign drops Trojan on UK bank customers

There is no silver bullet for solving the rising spam problem says AppRiver security analyst Troy Gill, commenting to SCMagazineUK.com on his firm's just-published annual review of spam.

Users are increasingly receiving messages on mobile devices, making it clear that companies need an effective security policy - and the means to enforce that policy across their entire IT real estate - including employee plus BYOD mobile devices, says Gill.

"Many firms have no security policies in place, (and) it has become something of a free-for-all in defending mobile devices," he said, adding to the manpower required to defend all aspects of a company's network resource.

"We've also seen malware that actively seeks to discover what device you are accessing data on, and adapt its attack strategy accordingly," he told SCMagazineUK.com.

Coupled with social engineering attack vectors, this creates a complex situation, hence no silver bullet solves all the problems of advanced spam and malware.

AppRiver's annual analysis reveals that its filters identified and quarantined 128 percent more spam messages during 2013 than the year before – some 28.3 billion. Whilst spam is irritating, the report notes that it is messages containing malicious attachments that can prove exceptionally damaging and AppRiver's statistics confirm this is still a popular infection vector – having quarantined just over 479 million such messages during the year.

The security vendor has also seen a significant upward trend of malware delivered via malicious links.

AppRiver's report concludes that, as the attack surface within organisations continues to broaden through the widespread use of multiple operating systems, so will the attackers' methods and vectors.

"While these types of attacks have traditionally only targeted PC users, we are now seeing the emergence of cross-platform threats," says the report.

"We expect these to only increase in the future as cybercriminals have shown their adaptability, with no signs of relenting any time soon," the analysis adds.

Commenting on the report, Rob Bamforth, a Principal Analyst with business and security research house Quocirca, said that the spam - as well as rising in volume - is also diversifying and becoming more advanced in nature.

"Because more and more people are using more and more online services, we expect to receive emails from the service providers about these facilities. And whilst people have become wise to the fact that they will not receive requests for information from their bank, they will get the types of emails that hackers send, seeking information from their online service providers," he said.

Bamforth echoed Gill's comments that we - as users - are now accessing our Internet services on a wider variety of devices, and in doing so this opens the door to new spamming and malware opportunities for the cybercriminals.

"There are also many online services that users must use," he said, adding that online filing for the UK tax authority, HMRC, gives users greater exposure to spam attack vectors than ever before.

Mot people are well aware of the security problem cause by spammers, but even the most sophisticated online user can still be caught out, usually because of the high levels of plausibility and sophistication that the latest messages employ.