John Christian at The Outline wrote a post that made me take notice because it neatly summarizes the current state of affairs and confirms our own experience: spam has morphed and is back with a vengeance.
I lived through the early 2000s, when Bill Gates predicted that spam would be eradicated in a few years. At the time, a combination of legislative action, vigorous prosecution and software countermeasures looked like it would do the trick.
It seemed like we had defeated electronic junk mail. Then the spammers rose from the dead.
During the last 10 years, since mid-2014, phishing has taken over from the Web and still remains the No. 1 network infection vector. This is significant because it shows that cybercriminals find a ‘push’ model effective as an attack vector. This graph from Osterman Research shows the story:
Spam has become the prime vehicle for online fraud and ransomware attacks, as these are much more lucrative than just marketing, and this has sparked enormous criminal investment in spam techniques, including systems for harvesting, appending and sharing databases of potential victims.
In the early years, spam fighters tried to reduce it by creating blacklists of untrusted mail servers. These lists still exist, but the criminal use of botnets has made them mostly ineffective.
Christian wrote: "But it’s 2017, and spam has clawed itself back from the grave. It shows up on social media and dating sites as bots hoping to lure you into downloading malware or clicking an affiliate link.
"It creeps onto your phone as text messages and robocalls that ring you five times a day about luxury cruises and fictitious tax bills. Networks associated with the buzzy new cryptocurrency system Ethereum have been plagued with spam.
"Facebook recently fought a six-month battle against a spam operation that was administering fake accounts in Bangladesh, Indonesia, Saudi Arabia, and other countries. This past November, ZDNet reported that voters were being inundated with political text messages they never signed up for.
"Apps can be horrid spam vectors, too — TechCrunch writer Jordan Crook wrote in April about how she idly downloaded an app called Gather that promptly spammed everyone in her contact list. Repeated mass data breaches that include contact information, such as the Yahoo breach in which 3 billion user accounts were exposed, surely haven’t helped.
"Meanwhile, you, me, and everyone we know is being plagued by robocalls. “There is no recourse for me,” lamented Troy Doliner, a student in Boston who gets robocalls every day. “I am harassed by a faceless entity that I cannot track down.”"
Practically all of these vectors use social engineering to manipulate the user into doing something against their own or their organization's best interest.
Stepping your users through new-school security awareness training which addresses all the above attack vectors is a must today.
I strongly suggest you get a quote for your organization and find out how affordable this is. You simply have got to start training and phishing your users ASAP, because your filters never catch all of it. Get a quote now and you will be pleasantly surprised.
Don't like to click on redirected buttons? Cut & Paste this link in your browser:
https://info.knowbe4.com/kmsat_get_a_quote_now
Let's stay safe out there.
Warm regards,
Stu Sjouwerman,
Founder and CEO, KnowBe4, Inc