Spammers' work cycles: Mon-Fri with lazy weekends, says IBM X-Force

28 Aug 2017

India, South America and China are responsible for the bulk of the world’s spam emails, and most of them hate Mondays and Fridays, according to new research from IBM X-Force.

In data collected from honeypots and monitoring systems between December 2016 and June 2017, researchers found that 83% of spam was sent during weekdays – namely, Tuesday, Wednesday and Thursday. Distribution on Tuesday peaked at around 17% of all mail volumes.

Mail volume dipped slightly on Mondays and Fridays, while on weekends it dipped even lower to between 8% and 9%.

According to X-Force researchers Limor Kessem and Mark Usher, spam volume spikes around 5am UTC (3pm AEST) and stops around 8pm UTC (6am AEST).

“That’s because spammers start off with Europe before they ‘follow the sun’ and start spamming recipients in the U.S.,” they explain.

Some spammers doing the ‘weekend shift’ send spam at all hours of the day and night.

The researchers note that spam coincides with particular malware families including Trojans such as Dridex, TrickBot and Qakbot. Attackers using those tools spam employees through malicious mail at times when victims are most likely to open all incoming mail.

While 30% of spam attacks appear to originate from India and 11% from China, researchers say that it is possible spammers could be operating in a different country but using services and resources from overseas.

“With that, the origin of spam is still the significant factor because malicious actors will typically spam potential victims from within their own country to appear more legitimate and attempt to bypass some geography-based spam filters,” the researchers state.

Botnets are proving to be an important tool for spreading spam on behalf of criminal groups. Systems infected with the Necurs botnet can generate spam at all hours of the day, according to the researchers.

“Are spam statistics disconnected from human operators who work to send spam? While it is true that many spam blasts are automated, there is a lot of work that still goes into each carefully planned campaign. Botnet operators are constantly looking for new ways to circumvent spam filters and make it through to recipients’ inboxes without being blocked or their malicious attachments being disabled,” they explain.

The Necurs botnet has morphed more than once – from malicious Microsoft Office documents to malware in .WSF files to loading fake DocuSign attachments.

X-Force says it will keep monitoring spammers and botnets, but those malicious tools will always attempt to infect new systems and make money off cyber crime.
