Security firm Symantec has released its latest monthly intelligence report, showing that overall spam levels are at a 12-year low but that well-targeted enterprise attacks are increasing.
The Symantec Intelligence Report June 2015 (PDF) said that spam has fallen to its lowest point for over a decade. However, it still represents 49 percent of email traffic.
There was also good news for IT security managers, as the number of new vulnerabilities fell to 526 in June including just one zero-day threat affecting Adobe Flash, down from 579 reported during May.
Symantec said that phishing email attacks on large enterprises have fallen, from over a third to just around a quarter of all spam, but that sophisticated and well targeted attacks are increasing.
Symantec: Spam Falls Below 50% of All Email for the First Time Since 2003 http://t.co/ZgFYDOlhPG (pdf)— Yaogwai (@Yaogwai) July 19, 2015
The agriculture, forestry and fishing industries took the bulk of phishing attacks, one out of every 1,500, while the financial and insurance industries accounted for one in every 2,900.
Malware has also increased. Symantec said that almost 58 million variants were picked up during June, around twice as many as in May.
Businesses face a heightened threat, according to the firm, and many fall victim to trojans that use high-profile, easy to exploit vulnerabilities.
"Attackers don't need to break down the door to a company's network when the keys are readily available," said Kevin Haley, director of Symantec Security Response.
"We're seeing attackers trick companies into infecting themselves by trojanising software updates to common programs and patiently waiting for their targets to download them, giving attackers unfettered access to the corporate network."
Symantec said that zero-day exploits are taking longer to patch. "Software companies take an average of 59 days to create and roll out patches, up from only four days in 2013," the report said, and hackers are taking advantage of the situation.
This showed itself in the hacker response to Heartbleed when an exploit was available just four hours after disclosure.
However, the report added that the hacking community will readily rely on off-the-shelf malware and tried and tested social engineering as a means to breach companies and databases.
"Cyber criminals are inherently lazy. They prefer automated tools and the help of unwitting consumers to do their dirty work," added Haley.
"Last year, 70 percent of social media scams were shared manually, as attackers took advantage of people's willingness to trust content shared by their friends."
Fabes has held senior IT positions for over 30 years
Can Alienware's latest and greatest topple the mighty ASUS ROG Zephyrus as the most powerful gaming ultrabook we've seen?
Jacky Wright takes over from interim CDIO Mike Potter
Avast admits that 2.27 million installations were affected