Tidal Wave of Malicious Email URLs Uncovered by Proofpoint Researchers

February 12, 2015
Gary Steele

Sony Pictures has spent approximately $15 million in investigation and remediation costs related to its recent cyberattack—and last week Anthem reported the largest healthcare data breach on record. There is no doubt that breaches are extremely costly, and can jeopardize a company’s reputation, brand equity and ultimately the bottom line.

It should therefore come as no surprise that President Barack Obama will announce a cybersecurity executive action tomorrow at the White House Summit on Cybersecurity and Consumer Protection at Stanford University. It is expected that the executive action will work to expand information sharing between the public and private sectors to increase our country’s cybersecurity defense. So what does the federal focus on cybersecurity mean to organizations?

Shifting cybersecurity strategy: technology, people and process

Now is the time for security teams and executives to proactively examine cybersecurity strategies—and communicate the urgent need to deploy a comprehensive, advanced security strategy to their leadership team and board of directors. Effective cybersecurity strategy goes beyond buying more detection technology. Yes, security teams must have advanced threat solutions that can detect and stop the new generations of sophisticated threats. No organization should be blindly renewing that four-year-old anti-spam subscription and trusting it will block advanced targeted attacks.

But security doesn’t stop at a detection systems upgrade.

Information flow is also crucial. Combating modern cyberattacks requires efficient interaction of security technology, process and people. Beyond detection systems, security teams also need technology and process to best understand, prioritize and deploy skilled staff appropriately. Our research shows this is especially important given the tidal wave of incoming threats.

New research findings: the attack tidal wave

Ironically, Gartner Research, Verizon, and others have pointed out that many of the worst breaches – from Target to the New York Times, and likely Anthem – all sprang from a decades-old technology: email. To that point, Proofpoint’s worldwide cybersecurity research team recently performed an analysis of our data on email from 2014 and saw a decrease in the overall volume of unsolicited email, but a dramatic increase in its maliciousness.

Key 2014 findings your executive team can reference, when emphasizing the importance of ramping up your organization’s advanced threat solutions, include:

  • The decline in overall volume of unsolicited email was outweighed by a dramatic increase in maliciousness. Attackers generated more URLs (and sent each URL to a smaller number of recipients) to improve the chances of evading blocking by URL reputation filters, and the URLs generally used more sophisticated exploits.
  • A higher proportion of unsolicited emails contained malicious URLs. The percentage of malicious URLs in unsolicited emails surged to an average of 10 percent in 2014. The year also saw a “new normal” of extremely high spikes over multiple days, including multiple occasions where the percentage of malicious URLs in unsolicited emails exceeded 40 percent.
  • The daily volume of unsolicited messages dropped by 56 percent in 2014. Rates dropped significantly after June 2014, following the disruption of the GameoverZeus (June) and Kelihos (September) botnets.

Clearly cybercriminals will continue to use email as a primary vector to break into organizations and compromise systems. In the face of a tidal wave, organizations cannot match attackers on a one-to-one basis. That’s where the technology, people and process strategy becomes critical. Security for the modern enterprise is always evolving. You are either evolving with it—or you’re not secure.