Study: Proofpoint Reports an Increase in Malicious URLs in Unsolicited Emails

Decline in overall volume of unsolicited email outweighed by dramatic increase in maliciousness

SUNNYVALE, Calif. – February 12, 2015 – Proofpoint, Inc. (NASDAQ: PFPT), a leading next-generation security and compliance company, today announced its worldwide cybersecurity research team saw a decrease in the overall volume of unsolicited email in 2014—but a dramatic increase in its maliciousness. Proofpoint also found greater variability in the countries primarily sending these malicious messages, with the European Union (EU) holding the top spot for most of the year.

“Email clearly continues to be a dominant threat vector for cyberattacks, and the advanced malware delivered is more destructive, fast-acting and abundant than many organizations realize,” said Gary Steele, Proofpoint CEO. “Relying on legacy email systems for security doesn't work and is a false economy. The resultant breaches are extremely costly and can jeopardize a company’s reputation, brand equity and bottom line.”

The threat is so high that tomorrow the White House is expected to release an executive action expanding administration efforts to facilitate cyber security information sharing between the private sector and government entities.

“Information flow is crucial; combating modern cyberattacks requires efficient interaction between security technology, process and people,” Steele continued. “Buying another detection system isn't going to solve the issue for most organizations. Security teams also need the technology and process to best understand, prioritize and deploy skilled staff appropriately. Our research shows this is especially important given the tidal wave of incoming threats.”

Key 2014 findings include:

  • The decline in overall volume of unsolicited email was outweighed by a dramatic increase in maliciousness. Attackers generated more URLs (and sent each URL to a smaller number of recipients) in attempts to improve the chances of evading blocking by URL reputation filters, and the URLs generally used more sophisticated exploits.
  • A higher proportion of unsolicited emails contained malicious URLs. The percentage of malicious URLs in unsolicited emails surged to an average of 10 percent in 2014. The year also saw a “new normal” of extremely high spikes over multiple days, including multiple occasions where the percentage of malicious URLs in unsolicited emails exceeded 40 percent.
  • The daily volume of unsolicited messages dropped by 56 percent in 2014. Rates dropped significantly after June 2014, when the GameoverZeus (June) and Kelihos (September) botnets were disrupted.
  • At the end of 2014, malicious attachments played a much larger role in attackers’ campaigns. Banking Trojan Dridex campaigners and other botnets attempted to send massive volumes of attachments and messages.
  • China joined the EU, Russia and the United States in late 2014 to become a top source for sending unsolicited email. The year featured greater variety in the top sending countries for unsolicited email. The EU held the top spot for most of 2014, followed by the United States. That shifted in late 2014 with China taking the top spot with the EU close behind. Russia also consistently placed in the top five.
  • This source shift appears to reflect a change in attacker strategy to distribute their networks more broadly and look beyond the United States for a more reliable supply of unpatched and vulnerable computers to compromise.

Proofpoint’s in-depth analysis is based on intelligence from its flagship targeted attack protection security technology. Using advanced big data analysis, Proofpoint processes and models hundreds of millions of email messages and web URLs per day to ensure organizations have the industry's leading cloud-based threat classification and protection solution.

For more information about today’s findings and how to approach cybersecurity in 2015, please visit 

About Proofpoint, Inc.

Proofpoint Inc. (NASDAQ:PFPT) is a leading next-generation security and compliance company that provides cloud-based solutions for comprehensive threat protection, incident response, secure communications, social media security, compliance, archiving and governance. Organizations around the world depend on Proofpoint’s expertise, patented technologies and on-demand delivery system. Proofpoint protects against phishing, malware and spam, while safeguarding privacy, encrypting sensitive information, and archiving and governing messages and critical enterprise information. More information is available at


Proofpoint is a registered trademark of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.