Security firm Symantec has released its latest monthly intelligence report, showing that overall spam levels are at a 12-year low but that well-targeted enterprise attacks are increasing.
The Symantec Intelligence Report June 2015 (PDF) said that spam has fallen to its lowest point for over a decade. However, it still represents 49 percent of email traffic.
There was also good news for IT security managers, as the number of new vulnerabilities fell to 526 in June including just one zero-day threat affecting Adobe Flash, down from 579 reported during May.
Symantec said that phishing email attacks on large enterprises have fallen, from over a third to just around a quarter of all spam, but that sophisticated and well targeted attacks are increasing.
Symantec: Spam Falls Below 50% of All Email for the First Time Since 2003 http://t.co/ZgFYDOlhPG (pdf)— Yaogwai (@Yaogwai) July 19, 2015
The agriculture, forestry and fishing industries took the bulk of phishing attacks, one out of every 1,500, while the financial and insurance industries accounted for one in every 2,900.
Malware has also increased. Symantec said that almost 58 million variants were picked up during June, around twice as many as in May.
Businesses face a heightened threat, according to the firm, and many fall victim to trojans that use high-profile, easy to exploit vulnerabilities.
"Attackers don't need to break down the door to a company's network when the keys are readily available," said Kevin Haley, director of Symantec Security Response.
"We're seeing attackers trick companies into infecting themselves by trojanising software updates to common programs and patiently waiting for their targets to download them, giving attackers unfettered access to the corporate network."
Symantec said that zero-day exploits are taking longer to patch. "Software companies take an average of 59 days to create and roll out patches, up from only four days in 2013," the report said, and hackers are taking advantage of the situation.
This showed itself in the hacker response to Heartbleed when an exploit was available just four hours after disclosure.
However, the report added that the hacking community will readily rely on off-the-shelf malware and tried and tested social engineering as a means to breach companies and databases.
"Cyber criminals are inherently lazy. They prefer automated tools and the help of unwitting consumers to do their dirty work," added Haley.
"Last year, 70 percent of social media scams were shared manually, as attackers took advantage of people's willingness to trust content shared by their friends."
Robot can assemble Ikea furniture in under 10 minutes - several hours less than the average human
Researchers claim to be one step closer to developing flexible screen televisions, tablets and phones
Thanks to the creation of an ultrafast, nanoscale transistor
The 'first demonstration' of a scalable method for manufacturing graphene
Lifted off on a SpaceX Falcon 9 rocket today following postponement on Monday