Most spam continues to be drugs related, yet it is aimed at workers in the automotive industry. The United States, traditionally king of malware infected email, has dropped like a lead balloon to be overtaken by the UK. And workers prefer to download stuff on the move and get their sexual kicks in the office. Who said that security reports were boring? DaniWeb has been talking to Paul Wood, senior analyst at Symantec Hosted Services, about the implications of the newly published September 2010 MessageLabs Intelligence Report .
The report, published by September 21st, reveals that some 35 percent of workers using the MessageLabs Hosted Web Security Service will trigger a web filtering policy block away from the office rather than in the workplace. Interestingly, download category blocks are more than five times as likely to triggered by mobile workers than office-based ones, yet attempting to access sexually explicit content is more commonplace in the office than out of it. DaniWeb asked Paul Wood how businesses can protect themselves from the threat of staff trying to circumvent corporate policy when outside of the workplace. Here's what he told us:"You will never be able to completely lock down the use of the Internet within the workplace and you will never be able to stop the cyber gangs. Education with the workplace is key. Businesses need to educate employees on the risks from malware and how their behaviour affects this, also education about the various dangers from malware, including that legit websites are a big danger. Security training on a regular basis – annually at least. Although technology plays a fundamental role in reducing risk from employee behavior, equally important is end-user education. It is important that staff understand the importance of the organization’s security policies; individual employees need to understand that they also have a role to play in their company’s security. It is a three-pronged approach - leave any one of these elements out then the business may be vulnerable to exposure. It is therefore important for IT managers and HR managers to understand that there will always be a small subset of employees that are likely to try and flout the rules. Technology can be used to filter out bad traffic such as emails that may contain malware or block access to inappropriate websites. However, having the right acceptable usage policies in place is also a requirement. Such policies will provide employees with the appropriate guidance to regulate their behavior online. Technology is then used to implement and monitor the effectiveness of these policies. From a management perspective, when a policy rule is triggered it logs the event which either results in a website being blocked, or the user is allowed to visit the website, but their activity is recorded." The report also looked at spam trends, and revealed that the global ratio of spam within email traffic from new and previously unknown sources was 1 in 1.09 emails, or a stonking great 91.9 percent. Perhaps surprisingly, the most spammed industry sector was the automotive business which had a received spam rate of 94.1 percent. DaniWeb asked why there seemed to be a trend moving away from drugs spam to cars? Paul Wood told us:"Firstly a point of clarification here: Automotive refers to the industry sector that is receiving the most spam, globally; rather than in reference to the type of spam that is blocked, such as spam touting cars. The vast majority of spam in circulation is pharmaceutical related, accounting for as much as 60% of all spam. The Automotive sector has been the target of a lot more spam in recent months, perhaps in part because the recipient email addresses are often well-known brand names. Spammers are keen to target domain names that contain a large number of users. The perception on the spammers’ part may be that these domains belong to large multi-national corporations and therefore employ a large number of people and so the probability that they will hit upon a real email address at random may be thought (on the spammers part) to be much greater. Spammers also use a popular technique called ‘dictionary attacks’, using dictionaries of first names and last names combined with a target domain. They are able to generate millions of potentially valid email addresses for a single domain. This in turn would put a strain on the email servers that have to handle all of this email – even with anti-spam technology in place - the servers are still obliged to accept the email connection, even if they are then going to reject it because the user isn’t valid. This technique can be a silent killer for smaller businesses especially."
Finally, our attention was drawn to the statistics concerning geographical trends when it comes to malware infected email which show that in the US 1 in every 403.9 emails were infected yet in the UK the number was 1 in every 117.5 emails. DaniWeb asked Paul Wood to explain why this should be the case?"Normally the US rate is much higher than the UK but in the last few weeks, European and UK banks have been the targets of an increased number of malicious emails. Many cyber gangs are based in Europe and former Soviet Union countries so this can also count for the increase in Europe and the UK being targeted more by the online gangs sending the malware. Moreover, malware attacks tend to be more targeted now than in previous years – with recent outbreaks like W32.IMSOLK.B@mm being a notable exception. Recently, more attacks have been directed towards UK businesses than in the US. Normally the malware rate in the US is higher compared with the UK. This is because US clients tend to have a greater volume of legit mail – on average they use email more for day-to-day work. Also US businesses tend to be larger organisations, employing more people on average. This means that as the proportion of legitimate email in circulation is greater, the ratio of malicious emails is lower in the US by approximately 0.6 percentage points."