Spam is back with a vengeance, thanks to the demise of attack vectors such as Adobe Flash.
Spam click-rates are up in 2018. Last year, 13.4 percent of spam messages that made it into inboxes were clicked on. So far, in 2018 that percentage has jumped to 14.2 percent.
The numbers come from F-Secure, which reported Wednesday on the sorry state of users’ better judgment when it comes to clicking on potentially malicious missives in inboxes.
The study points out the obvious – spam is still popular because it works. More interestingly, researchers said spam-based malicious attacks are up because other attack vectors are going away.
“The demise of Adobe Flash as one of the most popular plugins on websites has shifted criminals away from exploit kits, which enabled the attack vector known as drive-by downloads,” researchers wrote. They believe that the discontinuation of Flash support might eventually lkill off exploit kits as a viable business model for attackers altogether.
“We’ve reduced criminals to spam, one of the least-effective methods of infection,” said Sean Sullivan, an F-Secure security adviser.
The spam report also revealed that of those unwanted messages delivered in the spring of 2018, 23 percent were emails with malicious attachments, and 31 percent contained links to malicious websites. Another 46 percent were dating-service scams. Also, just five file types (ZIP, .DOC, .XLS, .PDF, and .7Z) make up 85 percent of malicious attachments.
The report concluded that spam will continue to be a scourge: “Anti-malware is containing nearly all commoditized, bulk threats. And honestly, I don’t see anything coming over the horizon that could lead to another gold rush, so criminals are stuck with spam,” Sullivan said.
Threatpost editors Tom Spring and Lindsey O’Donnell talk about the week’s biggest news.
Senator sends letter to NSA and NIST urging a mandate to stop using Adobe Flash by August 2019.
Hundreds of thousands of emails are delivering weaponized PDFs containing malicious SettingContent-ms files.
Join thousands of people who receive the latest breaking cybersecurity news every day.