Believe it or not, we got less garbage in our inboxes last year. Spam volume had declined 13 per cent in 2011 from 2010 levels, according to Kevin Haley of security vendor Symantec. The company’s director of security response made the surprising discovery when he analyzed the results of Symantec’s Internet Security Threat Report.
Mind you, Canada’s average spam volume, according to Symantec, is still 71.5 per cent of e-mail, so we have a long way to go – but any little bit helps.
Symantec is not the only security company to notice this phenomenon. McAfee Canada’s Doug Cooke says his company’s quarterly Threat Report also noted a decline in spam volumes. About one trillion spam messages are sent a month, he notes, but activity is slowing.
Check Point Zone Alarm’s product leader Skyler King says his company is seeing much the same thing.
So what’s going on? For one thing, people are becoming more aware. They’re less likely to click on links in random spam, so purveyors of malware and other scammers are forced to find new ways to get to their victims. And while e-mail still plays an important part in their schemes, it’s used more often in a direct attack rather than a general blast. One company, or even one key person, is the target.
It also helps that law enforcement agencies and their industry partners are getting better at bringing down the bot nets that spew spam, Mr. Cooke notes.
The attacks are sneakier, too, Mr. King says. In the past, a million machines might be infected in a single day, prompting rapid action by anti-malware vendors; now, however, infections are designed to spread slowly and stay under the radar. That gives them a longer shelf life; they lurk on consumer and corporate systems, gathering information that makes money for the spammers.
Another reason for the spam slow-down? Malware is moving to social media. “It’s viral by nature – perfect for malware authors,” Mr. Haley explains.
“There’s no doubt that social media platforms will continue to attract more attention from hackers and scammers,” says Carmi Levy, an independent tech analyst based in London, Ont. “After all, if you’re the kind of person who’d victimize others online, you’d likely want to target where your potential victims spend most of their time. As we spend more of our online time using these tools, it’s easy to conclude that the hacker element will follow.”
Social media is a great place for gathering information to be used in targeted attacks, too, Mr. Cooke notes. A would-be attacker can collect potential victims’ names, titles and departments, and find information about key areas such as finance, research and development and human resources. With that in hand, it’s relatively easy for them to craft plausible phishing attacks – when a hacker poses as a trusted source to “phish” for sensitive information.
People are more inclined to open messages and attachments that seem to come from their company CEO or their IT administrator, for example.
Mr. King says social media can also be a direct vector for an attack – scammers can embed a malicious link in a tweet or a Facebook post by hacking into the account. The viewer, thinking the message is from someone they trust, will click on it without thinking twice.
So, is it time to panic and change everything we’ve done to protect ourselves? Not necessarily.
“It’s too early to sound the social media-borne threat alarm,” Mr. Levy cautions. “Most of the same protective behaviours and processes that we’ve adopted to stay safe in our inboxes will apply just as nicely when a rogue tweet shows up in our tweet stream.”
In fact, Mr. Cooke says, anything new is automatically a malware magnet. Like most of us, hackers are drawn to the shiny new stuff.
But they don’t neglect the old, so we can’t afford to get sloppy.