eleven E-Mail Security Report December 2012: More And More Spam Coming From Europe

Berlin, January 8, 2013 - The threat level in the field of e-mail security increased in 2012 and will continue to do so in 2013 ? despite the fact that spam levels decreased by 53% in 2012 as compared to 2011. Those were the results of analyses performed by the Eleven Research Team which investigated e-mail security trends for 2012 and provides an outlook of coming trends in 2013. Eleven experts? conclusion: the share of particularly dangerous e-mails such as malware messages, drive-by attacks, and targeted phishing e-mails considerably increased in 2012. That also heightened the average level of danger for individual unwanted e-mails. More spam, malware, and phishing e-mail is being specifically sent to targeted circles of recipients and is becoming increasingly difficult to differentiate from legitimate messages. From the point of view of the Eleven Research Team, the trend from pure quantity toward a mixture of bulk and highly professional campaigns of unsolicited and dangerous e-mails will also continue in 2013.

The five most important e-mail security trends in 2012

1. 2012 was the year of targeted spam, malware, and phishing campaigns. Eleven observed a significant increase in country-specific campaigns written in each country?s national language and which use brands popular in each respective country as bait. These efforts are made in an attempt to significantly increase the number of e-mails opened. 2. The role of particularly dangerous e-mail attacks increased in 2012: while spam levels decreased by more than 50% in 2012, levels of malware sent via e-mail skyrocketed. For known viruses, that increase was 226%; for virus outbreaks, it was 153%. The share of known viruses out of all e-mail increased from 0.06 to 0.4%; new malware increased from 0.04 to 0.5%. Simultaneously, spam shares decreased from 87.4% to 75.8%. 3. 2012 marked the first year in which drive-by attacks played a key role in spreading malware. In drive-by attacks, e-mails are sent that attempt to lure recipients into clicking a link in the message. If the website is opened in a browser, the computer is infected with malware. Drive-by e-mail comprised nearly one tenth of all spam e-mail for the first time in September 2012. 4. Spear phishing became a serious issue in 2012. The spectrum ranged from targeted attacks on very small groups of recipients, e.g. employees at a particular company, to phishing e-mails sent to individual recipients. The information needed generally comes from hacking attacks. 5. There were significant fluctuations with regard to the countries of origin for spam in 2012. For example, in the period from August to November, there were four different frontrunners in terms of spam sources. This indicates that spammers frequently change spamming infrastructures to avoid the consequences of botnet shutdowns.

Five trends for 2013

1. The trend toward targeted attacks will continue. It can be assumed that country-specific campaigns for spam, malware, and phishing will become the norm in 2013 and that target groups will be increasingly narrowed down. 2. 2013 will be the year of spear phishing. Since emerging from the pilot phase in 2012, they are set to become a key weapon in online criminals? arsenal in 2013. It can be expected that especially critical areas, such as government authorities, will be targeted by spear phishers. 3. The prerequisite for successful spear phishing is recipient data that is as detailed as possible. Online criminals will be focusing on obtaining such information in 2013. It can thus be expected that the number of hacking and phishing attacks that try to get to such data will noticeably increase. 4. Spam trends in 2013 will be subject to stronger fluctuations with regard to spam levels, topics, and countries of origin. Shorter spam waves, longer breaks in between, and quick changes in infrastructure are all part of a strategy that make spam less calculable and which should reduce the consequences of botnet takedowns. 5. Malware campaigns are increasingly targeting users and companies who only rely on signature-based anti-virus solutions and do not use early virus detection . The majority of such waves are thus sent at the start of the campaign and therefore before traditional virus scanners are updated.

More detailed information about the e-mail security trends of 2013 are available in the regular Eleven E-Mail Security Reports at http://www.eleven.de/eleven-security-reports.html.

Eleven on Twitter: http://www.twitter.com/elevensecurity

Eleven - E-mail security "Made in Germany" Eleven is a leading e-mail security provider based in Germany. Its unique eXpurgate technology offers a spam filter and e-mail categorization service that protects the user reliably against spam and phishing, detects potentially dangerous e-mail and can distinguish between individual messages and any kind of mass e-mail. eXpurgate also offers numerous virus protection options and a powerful e-mail firewall.

Over 45,000 companies of all sizes use eXpurgate to check and categorize more than a billion e-mail messages every day. Customers include Internet service providers and telecommunication carriers such as T-Online, O2, Kabel Deutschland, 1&1 and freenet as well as many well-known companies and public institutions, including Air Berlin, BMW, the Federal Association of German Banks, DATEV, the Free University of Berlin, Landesbank Berlin, RTL, SAP, ThyssenKrupp and Tobit Software AG. For more information, visit our website at: http://www.eleven.de.