Thanks for signing up, a member of the Global PR team will be in touch with you shortly.
“Email spam is once again the most popular choice for sending out malware,” says Päivi Tynninen, Threat Intelligence Researcher at F-Secure. “Of the spam samples we’ve seen over spring of 2018, 46% are dating scams, 23% are emails with malicious attachments, and 31% contain links to malicious websites.”
Spam has been one of the main infection vectors for decades, Päivi notes. “During the past few years, it’s gained more popularity against other vectors, as systems are getting more secure against software exploits and vulnerabilities,” she says.
The technique still relies on spewing out massive numbers of emails in order to snare a tiny number of users. And criminals continually refine their tactics to deliver to better results.
“Spam is becoming an increasingly successful attack vector, with click rates rising from 13.4% in the second half of 2017 to 14.2% in 2018,” says Adam Sheehan, Behavioral Science Lead at MWR InfoSecurity, the creators of phishd, a service that monitors and improves businesses' susceptibility to phishing and other data-related attacks. MWR was acquired by F-Secure in June of 2018.
While spam is a numbers game, MWR’s effectiveness model has identified certain tactics that play on recipients’ psychology to make spam more potent:
“Rather than just using malicious attachments, the spam we’re seeing often features a URL that directs you to a harmless site, which then redirects you to site hosting malicious content. The extra hop is an analysis evasion method for keeping the malicious content hosted for as long as possible,” Päivi says. “And when attachments are used, the criminals often attempt to avoid automatic analysis by asking the user to enter a password featured in the body of the email to open the file.”
You can hear Päivi and her fellow researcher Jarkko Turkulainen discuss spam and other current cybercrime trends on the latest episode of F-Secure’s Cyber Sauna podcast.
Nobody has better visibility into real-life cyber attacks than F-Secure. We’re closing the gap between detection and response, utilizing the unmatched threat intelligence of hundreds of our industry’s best technical consultants, millions of devices running our award-winning software, and ceaseless innovations in artificial intelligence. Top banks, airlines, and enterprises trust our commitment to beating the world’s most potent threats. Together with our network of the top channel partners and over 200 service providers, we’re on a mission to make sure everyone has the enterprise-grade cyber security we all need.
Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd.
Sign up for media information from F-Secure.
Browse through our news by year.
Browse through our news by category.