Over the past year, malware levels seemed to consistently double themselves every quarter, according to the latest report by security outfit AppRiver. In Q2, the company said it recorded an “uncharacteristically busy April” and a “record-breaking May,”—most of which was driven by the Necurs botnet.

“What used to be a constant stream of messages touting fake Rolex watches, male enhancement pills and pornography has now become a 24/7 deluge of ransomware, spyware, phishing, and other malware,” the company said.

Nercus was the driving force behind 4.2 billion malicious emails and 3.35 billion spam emails between April 1, 2016, and June 30, 2016, said AppRiver. For the first time, the report also includes metrics from Web-borne threats, reporting an average of 43 million unique threats daily throughout the second quarter.

Fifty-five percent of spam and malware traffic originated in North America, with Europe coming in second place, said the company.

According to AppRiver, phishing attacks today range from highly targeted spear phishing to the more traditional cast net style attack. In both cases, cybercriminals have continued to hone their techniques to improve their success rate against their targets by adding greater detail and customization.

One form of spearphishing that security analysts from the company have dealt with on a consistent basis is targeted messages that lead to wire transfer fraud. Often referred to as Business Email Compromise (BEC), these have been a popular attack vector throughout 2016. BECs have been estimated to have netted cybercriminals profits well into the billions of US dollars in the past few years.

According to AppRiver, ransomware levels, as predicted in the Q1 Global Security Report, have increased this quarter, and probably pose the greatest threat. AppRiver’s security researches predict that the massive volume of malware isn’t likely to subside anytime soon, especially with the likes of Locky and Zepto kidnapping users’ files until they pay a ransom. Ransomware is booming business, indeed.

“On the Dark Web, organized crime groups have the ability to purchase botnets that unleash ransomware, such as the very popular Locky variant, that help to keep themselves in business and to fund other criminal activities,” said Troy Gill, manager of security research, AppRiver.

“Its easy accessibility, coupled with victims’ willingness to pay to get their files back, contribute to its massive scope,” he added.


To prevent malware attacks, AppRiver recommends organizations have the following systems in place:

  • Antispam and antivirus solutions, including protection against Web-borne malware
  • Routine, mandatory software updates so that known vulnerabilities are patched
  • Double authentication procedures as a safeguard against “whaling” and other highly targeted attacks
  • Formal security policies and ongoing training to keep employees up to date and aware of their individual role in protecting company networks