Email & Web Threat Trends
Prepared by Spamina Labs, this report provides an insight into the trends in email and Internet security as observed through Spamina services over the course of the second half of 2011 (July to Dec). Spamina Labs is a team of specialized security experts who analyze and interpret data across the complete geographic and industry spectrum of Spamina SaaS clients. It is the function of Spamina Labs personnel to monitor how Spamina services are performing and to measure and improve their effectiveness against current and emerging threats.

Part of the role of Spamina Labs is to help inform and educate clients on the performance of Spamina services and raise awareness of key trends developing in cloud security. This report provides an insight into the latest events in Internet security and how clients are benefiting from Spamina SaaS.
Web Security
Web Categories
Web traffic data in the second half of 2011 showed a substantial reduction in the relative percentage of requests for News-oriented Web content. Social Media grew considerably as steady demand for sites like YouTube and associated advertising pushed out other traditional Top 10 categories. Requests for Personal & Social categories, such as Facebook and Twitter, also dropped significantly as a percentage of traffic from 2010 and early 2011.

As more users accessed Social Media web content, associated links to Web Hosting and Advertising content increased dramatically, highlighting that increased use of sites like YouTube has a corresponding increase in advertising and tracking services.

Web Categories Chart

FIGURE 1a: This chart shows the significant roles that the Search, Hosting, Social Media and Advertising categories played in generating almost 50% of web requests. Note the contrast in Social Media in this chart (11 percent of Hits) with the following chart (1b), highlighting Social Media’s consumption of over 18 percent of bandwidth.


Web Traffic Chart

FIGURE 1b: This chart shows the major bandwidth-consuming Web categories. Social Media and Hosting top the chart at 28 percent and 16 percent respectively. The next biggest categories are Streaming Media (non-user driven media content) and Entertainment at 5 and 4 percent respectively. Combining the Social and Streaming Media categories, Web-based audio/video content accounts for a third of all bandwidth.
File Downloads
Downloads showed some noticeable shifts in bandwidth trends. Flash video content, which has routinely exceeded 70% of data usage, fell to 57.7%.

This chart highlights the overwhelming bandwidth used by streaming media file types.

File Downloads Chart

FIGURE 2: This chart highlights the considerable bandwidth used by streaming media audio and video file types. MP4 and MP3 file types combined accounted for 44 percent of all downloaded bandwidth.

So, interpreting this data, Social Media is not only popular, it accounts for a significant volume of bandwidth consumption. Sites such as YouTube may not only be a drain on customer bandwidth but also on productivity. There is no doubt that there is a great deal of business and educational value in Social Media but it seems to account for a disproportionately large volume of requests and data usage. This suggests that Social Media use is something that individual customers may wish to investigate further and ensure that use is appropriate.
Malicious Websites
Hacking legitimate websites for the purposes of spreading malware is an increasingly common Web-based threat. In particular, Websites such as Facebook and Twitter are a major target for the distribution of malicious URL links. Another increasingly common distribution method for malicious URLs is known as search engine poisoning. This approach abuses SEO (Search Engine Optimization) tricks to falsely promote malicious URLs amongst the legitimate results from hot search engine topics, thus poisoning the search.

Every day Spamina SaaS clients are prevented from inadvertently accessing compromised Websites known to host malware or serve browser exploits. Figure 3 shows the average number of malicious Websites blocked per client for a given week. This chart reflects week to week changes in the volume of compromised Web links.

These figures fluctuate as increasing numbers of Spamina clients come online; however, this data provides a useful guide as to how prevalent compromised Web links are amongst actual users.

Figure 3 illustrates a key trend over the latter half of 2011. Average weekly malicious blocks per client have risen substantially. A critical aspect of this increase may be attributed to increasing numbers of ‘poisoned’ advertising links on some Social Media sites. As use of Social Media has increased, preventative blocks against suspicious advertising links may also account for some of this increase. A substantial rise in the volume of malicious email may also give a hint towards reasons for this growth. While Spamina blocks these messages, spammers/hackers are increasingly relying less on email to distribute malicious links and are often turning to social Web communication networks, such as Facebook and Twitter, to distribute links.

Malicious Websites Chart

FIGURE 3: This chart illustrates a relative decline in the average number of blocked malicious sites per client. However, overall numbers of malicious websites seem to be trending upwards according to several industry sources. This decline in blocked malicious links may correspond closely with reduced malicious spam from the Pushdo botnet during Q3.
Email Security
Spam
Significant changes occurred in spam rates during the second half of 2011. Spam rates were dramatically reduced in late 2010, mainly thanks to targeted efforts by Microsoft and anti-spam law enforcement to disrupt several key spamming botnets. This major reduction in spam continued for much of the first half of 2011 and into July. However, spam volumes finally jumped back up in August 2011 as new and rejuvenated botnets came back online.

It took spammers the best part of six months to bounce back, and while the reduction in spam was welcome, it was not to last. The rejuvenation of spamming volumes during August-November seems to have hit a snag at the start of December, as spam volumes took a sudden dive but then steadily recovered during the month.

This up-and-down trend in spam volumes looks set to continue in what is now a familiar pattern of cat and mouse. As authorities address key botnets, spammers will inevitably recover their bots or begin building new and improved ways of covering their tracks to stay one step ahead of anti-spam agencies.

Spam Chart

FIGURE 4: Spam rates began to recover in August, increasing to as much as 94% of all incoming email before dipping again in early December.


Spam Chart

FIGURE 5: India and Vietnam moved into the top spam rankings in the latter half of 2011, taking over from traditional key spam sources such as Russia, the United States, Brazil and China.
Malicious Email
Malicious email is email which includes a known malware attachment or contains a URL link to a known malicious Website (otherwise known as a blended email threat).

Over the course of the latter half of 2011, malicious email volumes spiked dramatically from a traditional average of around 1.5% to almost 10.0% of unwanted email. This substantial rise in malicious email (primarily aimed at growing botnets) may well be linked to the rapid growth in spam volumes around the August period. The initial peak of 9.96% has since subsided as anti-virus measures have caught up somewhat. However, malicious email volumes still remain high, typically averaging over 5.0% - approximately three times the average weekly volume of malicious email we observed in 2010.

Malicious Email Chart

FIGURE 6: Malicious email rates grew sharply in August before settling at approximately 5 percent of all unwanted email in the latter months of 2011. This substantial rise in malicious email links may well be connected to the corresponding rise in spam volumes observed in 2H 2011.
Cloud based Security as a Service

Spamina develop and host a cloud based Security as a Service that addresses Email Security and Web Filtering.

Cloud-based Security as a Service solutions are becoming an increasingly popular and effective way for organisations to acquire enterprise-class security coverage without the need to invest in additional hardware, administration and IT expertise.

Instead, Spamina, as the service provider, builds and manages the infrastructure for end users. Delivering the services from shared resources in the datacenter allows Spamina to offer competitive and predictable pricing.

Architecture

Public Cloud
Spamina’s world class infrastructure of 17 global data centers ensures superior performance and low latency when processing an organisation’s email and Web traffic. Having multiple datacenters also allows us to control where email traffic is processed and where it is stored within defined geographic boundaries, helping our customers to conform to ever stricter data protection and business regulations.

Hybrid Cloud
The flexibility of Spamina’s platform allows Spamina to deliver what is being termed a “Hybrid” cloud solution. In this case the solution will function on a day-to-day basis through an organisation’s Private cloud installation, but in the unlikely event of a massive failure in the infrastructure the load can be taken over by the Spamina Public cloud infrastructure.

Private Cloud
In certain circumstances organisations, whilst embracing the power of the cloud, have a requirement to maintain the processing of email and web security within their own organisation’s infrastructure. The Spamina Cloud platform can be installed at a customer’s site, allowing the user to gain the benefit of a world class scalable solution whilst remaining an internal solution, completely under the control of the customer.