Cloudmark’s 2015 Q1 Global Threat Report

With articles on the rise and fall of a major spammer, the pros and cons of DNSSEC, Canada's Anti-Spam Law, ransoming your data, home router compromises, and casino advertising that went too far, Cloudmark's Threat Report for 2015 Q1 covers the latest in the cyber threat landscape.

We normally imagine that most spam sent to North America and Western Europe is coming from other countries: the Nigerian con artist, the Chinese vendor of fake designer goods, or the Russian selling bootleg pharmaceuticals. However, we also see huge volumes of spam coming from US-based organizations. One of them, a company called Acquinity based in South Florida, was successfully sued by the Federal Trade Commission last year. Court documents from this and other cases involving Acquinity give us an unprecedented insight into the finances and operations of a major spammer. At its peak Acquinity was generating over a hundred million dollars a year in revenue and employed hundreds of people, but much of this revenue was coming from illegal or exploitative schemes.

Some spammers obtain large blocks of IP addresses so that they can send a few messages from each one and attempt to avoid IP address blocking. We call this snowshoe spam. For several years Romania has been a haven for snowshoe spammers, but soon after the FTC sued Acquinity we saw the start of a dramatic reduction in the number of Romanian IP addresses sending spam. Coincidence?
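The snowshoe pattern described above is exactly what per-IP reputation blocking misses: every individual address stays below the volume that would get it listed. A defender can still see it by aggregating sending hosts per netblock. The following Python is an added example, not code from Cloudmark or the report; the log lines are constructed, the `relay=` field and the `/24`, 20-host and 10-messages-per-host thresholds are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample mail-filter log (not real data). Three netblocks:
#  - 203.0.113.0/24: forty hosts each relaying four spam messages (snowshoe-like)
#  - 198.51.100.0/24: a single host relaying a large volume (classic blockable sender)
#  - 192.0.2.0/24: two low-volume hosts (ordinary traffic)
SAMPLE_LOG = (
    [f"2015-02-03T10:{i:02d}:{k:02d}Z relay=203.0.113.{i} verdict=spam"
     for i in range(1, 41) for k in range(4)]
    + [f"2015-02-03T11:00:{k % 60:02d}Z relay=198.51.100.7 verdict=spam"
       for k in range(5000)]
    + ["2015-02-03T12:00:00Z relay=192.0.2.10 verdict=spam",
       "2015-02-03T12:00:01Z relay=192.0.2.10 verdict=spam",
       "2015-02-03T12:00:02Z relay=192.0.2.11 verdict=spam",
       "2015-02-03T12:00:03Z relay=192.0.2.11 verdict=ham"]
)

# Assumed log format: the relaying IP is carried in a "relay=" field.
RELAY_RE = re.compile(r"relay=(\d{1,3}(?:\.\d{1,3}){3})")


def spam_counts_per_ip(lines):
    """Count spam verdicts per relaying IP address."""
    counts = defaultdict(int)
    for line in lines:
        if "verdict=spam" not in line:
            continue
        m = RELAY_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return dict(counts)


def netblock_profile(counts, prefix=24):
    """Aggregate per-IP counts into {netblock: {"hosts": n, "messages": m}}."""
    blocks = defaultdict(lambda: {"hosts": 0, "messages": 0})
    for ip, n in counts.items():
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        blocks[str(net)]["hosts"] += 1
        blocks[str(net)]["messages"] += n
    return dict(blocks)


def flag_snowshoe(counts, prefix=24, min_hosts=20, max_per_host=10):
    """Return netblocks where many distinct hosts each send only a few messages.

    A block with one high-volume host is not snowshoe: that host will be
    blocked on its own reputation. The spread-out case is the one that needs
    a netblock-level (rather than per-IP) response.
    """
    flagged = []
    for net, p in netblock_profile(counts, prefix).items():
        if p["hosts"] >= min_hosts and p["messages"] / p["hosts"] <= max_per_host:
            flagged.append(net)
    return sorted(flagged)


if __name__ == "__main__":
    counts = spam_counts_per_ip(SAMPLE_LOG)
    for net, p in sorted(netblock_profile(counts).items()):
        print(net, p)
    print("snowshoe candidates:", flag_snowshoe(counts))
```

In practice the thresholds would be tuned against a baseline of legitimate shared hosting, where a /24 with many low-volume senders is normal; the point of the example is the unit of aggregation, not the specific numbers.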
Romania and Acquinity
Many of the emails we saw from Acquinity were advertising products and services from legitimate companies that were operating an affiliate program, often through a third party, to generate leads. We saw another interesting case of affiliate spam recently, when a UK-based online gambling service was briefly but aggressively promoted by a text message spammer.
Casino Advertising
DNSSEC is a protocol that authenticates DNS lookups. Though it has been around for more than a decade, it is far from universal adoption. We take a close look at the pros and cons of DNSSEC and explain why, even if you do implement it, you do not have a complete DNS security solution.

Last year Canada implemented one of the strongest anti-spam laws in the world, CASL. We took a close look at the impact, and the results surprised us. We saw a 37% reduction in spam originating from Canada, but it wasn't just spam that went down. Overall, Canadians received 29% less email after CASL was implemented. We believe this is because there was a lot of marketing email which was not technically spam but did not meet the strong requirements for affirmative consent required by CASL. The Canadian law is proving effective in reducing inbox clutter and could act as a model for stronger anti-spam laws in the US, UK and other countries.
The CASL Effect
Ransomware (that is, malware that encrypts all your files and demands that you pay a ransom to get them back) has been an increasing problem for the past year and a half. As well as the many businesses and individuals who have suffered, there are at least five police departments that have been forced to pay ransom in order to retrieve vital case files. But even if you decide to pay the ransom you won't get your data back right away, unless you already have a couple of bitcoins available. We look at the hoops you have to jump through to purchase bitcoins in a hurry.

Home routers and other Consumer Premises Equipment (CPE) are usually installed and ignored so long as they keep on working. However, we can't go on ignoring them much longer. They represent a soft target for hackers in a number of different ways, and over the past few years we have seen the ability to exploit their vulnerabilities go from the relatively sophisticated architects of the DNS Changer attack to the script kiddies of the Lizard Squad. We take a close look at the widespread threat of CPE.

On a personal note, I'd like to send major thanks to Tom Landesman for all his work on this and previous quarterly reports. Tom's career is moving on, and I'd like to wish him all the best for what I am sure will be a very bright future.