Vulnerabilities / Threats
7/3/2013 01:36 PM
Dark Reading
Products and Releases

AppRiver Releases Mid-Year Global Threatscape Report

Report includes new section on malware most frequently discovered by AppRiver's SecureSurf platform

GULF BREEZE, FL -- July 2, 2013 -- AppRiver, LLC, a leading provider of email messaging and web security solutions, today released its mid-year Global Threatscape Report, a detailed analysis of web and email-borne threats and malware trends traced between January and June 2013.

During the first half of 2013, AppRiver screened more than 15 billion messages, nearly 13 billion of which were spam and another 171 million that carried viruses. Once again, the United States was the leading country of origin for spam email messages, but to the surprise of many, servers in the former Soviet republic of Belarus logged the second-highest total from January through June.

New to the Global Threatscape Report is a section on the malware most frequently discovered by AppRiver's SecureSurf™ platform. At present, SecureSurf™ is blocking more than 4.2 million unique malware locations, which can include URLs, domains, URL patterns or IP addresses.

Over the past six months, exploits accounted for the overwhelming majority of the malware blocked by AppRiver's filters. Exploits are pieces of code that open the door to a user's device so that a remote system can later take control of it. The device might then be incorporated into a botnet, or it might download a key-logger that steals account numbers and passwords.

In three new videos available at http://appriver.wistia.com/projects/ngpd8jxxqo, AppRiver Security Analysts Fred Touchette, Troy Gill and Jon French discuss highlights from the report, including:

Events - Some of the bigger stories surrounding email and web threats over the past six months include malware campaigns leveraging the Boston Marathon bombings, the continuing rise of mobile malware, and DSD, a distraction technique used by cybercriminals while they empty victims' bank accounts.

"If you notice a deluge of spam in your email inbox, it's best not to try to monitor your email, but instead go directly to your account(s) activity because the people behind this spam blast have somehow obtained your personal account information and email address," says Touchette. "In order to hide purchase receipt emails or balance transfer confirmation emails, the attackers, just before they make the illegal transactions, turn on this deluge of spam email in order for these very important emails to get lost in the flood. These fraudulent transactions need to be caught fast so that they can be stopped at the financial institution before they're finalized."
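A defender's counterpart to the DSD spam flood described above, as an added example that is not AppRiver's code or part of the report: scan mail-gateway logs for a sudden per-mailbox burst and pull out the transaction notices buried inside it. The tab-separated log format, the 25-messages-per-5-minutes threshold and the financial keyword list are assumptions, and every log line is constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample data: two normal messages, then a 40-message spam burst
# with one bank confirmation hidden in the middle of it.
NORMAL = [
    "2013-06-10T09:00:05\talice@example.com\tWeekly newsletter",
    "2013-06-10T09:20:10\talice@example.com\tLunch?",
]
BURST = [f"2013-06-10T10:{i // 20:02d}:{(i * 3) % 60:02d}\talice@example.com\tBest prices #{i}"
         for i in range(40)]
HIDDEN = "2013-06-10T10:01:15\talice@example.com\tYour transfer of $4,900 is confirmed"
SAMPLE_LOG = "\n".join(NORMAL + BURST[:20] + [HIDDEN] + BURST[20:])

# Assumed keyword list for "messages the attacker wants you to miss".
FINANCIAL = re.compile(r"transfer|receipt|order|payment|confirm", re.I)

def parse_log(text):
    """Parse 'timestamp<TAB>recipient<TAB>subject' lines, oldest first."""
    events = []
    for line in text.splitlines():
        ts, rcpt, subject = line.split("\t", 2)
        events.append((datetime.fromisoformat(ts), rcpt, subject))
    return sorted(events)

def detect_floods(events, window=timedelta(minutes=5), threshold=25):
    """Return {recipient: (window_start, count)} for the first sliding window
    in which one mailbox receives >= threshold messages. The threshold is an
    assumption; tune it to each mailbox's normal volume."""
    floods, per_rcpt = {}, defaultdict(list)
    for ts, rcpt, _ in events:
        per_rcpt[rcpt].append(ts)
    for rcpt, stamps in per_rcpt.items():
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                floods[rcpt] = (stamps[start], end - start + 1)
                break
    return floods

def buried_messages(events, floods, window=timedelta(minutes=5)):
    """Subjects that look like transaction notices and arrived during a flood."""
    hits = []
    for ts, rcpt, subject in events:
        if rcpt in floods:
            start, _ = floods[rcpt]
            if start <= ts <= start + window and FINANCIAL.search(subject):
                hits.append(subject)
    return hits
```

The flagged subjects are what the account holder should act on immediately, per the advice above, rather than wading through the flood itself.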

Vulnerabilities - When it comes to vulnerabilities in end-user client systems, the Java platform and Adobe Flash have been the most targeted. As for server-side vulnerabilities, some of the biggest exploits so far in 2013 have involved cross-site scripting, cross-site request forgery, broken authentication systems, Ruby vulnerabilities, Universal Plug and Play problems, and an Adobe ColdFusion issue. The toolkits responsible for many of these exploits include Blackhole, followed closely by Fiesta, and this year's big up-and-comer, RedKit.

Metrics - In addition to the familiar data regarding email spam and viruses, this report includes some baseline data about web-based malware that AppRiver will track over the months ahead. As web-based malware and "drive-by downloads" become more widespread, this data will expose trends and patterns that can help improve security for users.

The Cyber World - This section of the report discusses major cybercrime arrests, such as that of Hamza Bendelladj for running a major Zeus botnet, along with hacktivism activities and the evolution of cyber espionage from quiet murmurings into mainstream conversation, driven by attention-grabbing incidents such as Stuxnet (which targeted a very specific uranium-enrichment system in a very specific location) and by the talk of cyber exchanges between the U.S. and China.

"The Internet has far evolved beyond a simple means to share information; it is now a tool to be used for nearly anything, good or bad," says Gill. "We've moved on from the whispers and suspicions of cyber espionage to governments openly discussing the fact that these are a common tactic for a new world. All sides, mostly, admit to either foraging for big data to help gain governmental or business advantages, or to directly attacking systems, or to pilfering through critical infrastructures."

For a full copy of AppRiver's mid-year Global Threatscape Report, please visit: http://www.appriver.com/resources/threat-and-spamscape-reports/GlobalThreatScapeReport_6MonthEdition.aspx.

About AppRiver

AppRiver is a Software-as-a-Service (SaaS) provider offering award-winning email and Web security solutions to businesses of all sizes. Understanding the need to protect networks from today's increasingly complex IT threats, AppRiver offers businesses a comprehensive, yet affordable subscription-based solution that incorporates the latest spam and virus protection, email encryption and Web security on the market. In addition, the company provides a complete managed service for Microsoft Exchange, as well as a bundled Office 365 solution. Since its inception, AppRiver has sustained an impressive 93% customer retention rate
