Welcome to the May edition of the Symantec Intelligence report. Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks.
It appears as though attackers had small businesses clearly in their sights last month. All of our metrics that look at the size of organizations show businesses with less than 250 employees were subjected to the largest amount of malicious activity during the month of May. For instance, 42.5 percent of spear-phishing attacks were directed at organizations of this size during May, up from 30.6 percent in April. Small organizations were the most targeted size for overall phishing too. And while all organization sizes hovered around a 52 percent spam rate, organizations with less than 250 employees had the highest rate at 52.7 percent.
Small organizations were most likely to be targeted by malicious email in the month of May as well, where one in 141 emails contained a threat. The overall proportion of email traffic containing malware also increased this month, up from one in 246 emails in April to one in 207 emails in May. However the percentage of email malware that contained a URL remained low in May, hovering around three percent. The Public Administration sector was the most targeted industry again in May, with one in 150 emails containing malware, though this is down from one in 127 in April.
In spear-phishing attacks, Microsoft Word files—the .doc and .docx extensions—made up over 40 percent of attachments used in spear-phishing attacks during May. Microsoft Excel files also ranked highly, comprising 13.5 percent of spear-phishing attachments. While executable files, such as .bin, .exe, and .scr files, are frequently seen in spear-phishing attacks, this category of file types was down almost 25 percentage points in May. The Manufacturing sector was subjected to the largest volume of spear-phishing attacks, as 41 percent were directed at organizations in this sector.
In other news, there were more than 44.5 million new malware variants created in May, one zero-day vulnerability was reported (CVE-2015-3456), and while two vulnerabilities in industrial control systems were reported in April, none were reported this May.
We hope you enjoy the May Symantec Intelligence Report. You can download your copy here.