3 min read

Spam Hits 12-Year Low, Symantec Report Finds

While cyber-attacks grab all the headlines, the amount of spam hitting the in-boxes of the corporate world is actually at its lowest level in 12 years, according to Symantec.
14 Security Fails That Cost Executives Their Jobs
14 Security Fails That Cost Executives Their Jobs
(Click image for larger view and slideshow.)

If you have noticed the amount of spam hitting your corporate email account is on the wane, you are not alone. A new Symantec report released this week shows that annoying spam emails are at a 12-year low.

Symantec's Intelligence Report for June 2015 is devoted to the various electronic threats companies face. These various threats are measured over several months' time and are compared to previous rates.

While the report measures a number of different security problems, and there are a number of concerns, it's spam that's on the decline.

Specifically, the overall spam rate in June dropped to 49.7%, which is the first time the rate of total email has fallen below 50% for over a decade. The last time Symantec recorded a similar spam rate was in September of 2003. However, for email traffic to companies with 1 to 250 employees, 52% of it was identified as spam.

Not all of the news is good, however.

While phishing rates and email-based malware were both down, 57.6 million new malware variants appeared in June. This is up from 44.5 million pieces of malware created in May and 29.2 million in April.

This trend shows that even though email-based attacks of all stripes are down, the attackers are moving to other modalities.

One of the differing modalities that showed up was ransomware attacks, with over 477,000 incidents detected. While this is below what occurred at the end of 2014, it is the second month in a row that ransomware attacks have increased.

Ransomware attacks reached a 12-month low in April.

Overall, one in 319 emails contained some sort of malware.

Crypto-ransomware attack levels rose in June. They showed their highest levels since December 2014.

The business sectors targeted by these attackers vary month-to-month. Attacks against the manufacturing industries flattened out in June, dropping from 41% to 22%.

Manufacturing is still the largest sector that is attacked. The second largest is the combined finance, insurance, and real estate sector, according to the report. After that, it's the combined services and professional sector.

Spear-phishing attacks were predominately aimed at smaller companies, with 38.1% of them targeting companies under 250 employees. Companies with 250 to 500 employees were part of 15.2% of the attacks recorded by Symantec.

[Read about the ways Google is using AI to beat spam.]

There was a variance of email traffic identified as phishing by industry sectors as well.

The agriculture, forestry, and fishing sector was at the highest level, with 1 in 1,469 emails. The transportation, communications, electric, gas, and sanitary service sector was lowest, with only 1 in every 4,495 emails containing a phishing attack. Yet the utility sectors had the highest proportion of email traffic that was identified as malicious, with 1 in every 230 emails identified as such.

This kind of report puts some reality checks into what is a widespread problem.

Each business sector is affected, just at differing levels. It is up to an enterprise's CIO and IT staff to encourage and enforce email hygiene so that these attacks do not succeed.

Symantec is able to produce this type of report because of its security products. The company's network monitors threat activity in over 157 countries and territories through a combination of Symantec products and services such as Symantec DeepSight Intelligence, Symantec Managed Security Services, Norton consumer products, and other third-party data sources.