Proofpoint has released its mid-year threat report which analyses what the threats of 2015 to-date can tell us about the evolving threat landscape.
Reviewing the first six months of 2015, the main trends that emerge are:
The EU sends out the most unsolicited mail
As in 2014, the volume from each country as a percentage of total unsolicited email was relatively constant, with the EU consistently accounting for around 15 percent of total unsolicited email, and the others accounting for single-digit percentages.
Decline in unsolicited mail - reaching levels not seen since 2012
As noted in the 2014 Threat Report, the 2014 net decrease in message volume seems counterintuitive in light of the number and severity of data breaches and compromises that were made public in the second half of 2014; however, what was lost in volume was more than made up for in maliciousness. The first six months of 2015 have seen a continuation of this downward trend, with average daily volumes reaching levels not seen since 2012.
Shift to attachment-based campaigns
The most striking development of the first six months of 2015 was a massive shift of threat activity from the URL-based campaigns that had dominated 2014, to campaigns that relied on malicious document attachments to deliver malware payloads. Malicious attachments have dominated the campaigns of 2015 to date, driven by the massive volumes of attachments and messages delivered by the Dridex campaigners as well as other botnets.
Change in phishing techniques targeting business users
Cybercriminals have shifted focus from consumers to business users. This shift was perhaps nowhere more apparent than in the message templates attackers used in 2014, and a year-over-year comparison highlights the new focus on business users.
Social media increasing as a source of brand and compliance risk
During the first six months of 2015, Proofpoint Nexgate social media security researchers found that the efficiencies gained in distributing malicious content via social media continue to make it an attractive channel for hackers and scammers. A single phishing lure, malware link or spam message posted to a high profile corporate social media destination may be viewed by ten thousand or more potential victims.
The full report is available here.