Spam Spikes and Java Exploits Continue to Grow
There are a number of techniques that Cisco uses to track the new exploit kits. At the most basic level, figuring out the identity of an exploit kit is about matching exploit and URL patterns, Gundert said. "The problem is that exploit kit authors are changing their URL patterns so frequently now that it's becoming increasingly challenging," he said. One of the things not in the report is the link between malvertising and exploit kits, though it's an area that Cisco tracks. Malvertising is malicious Web advertisements that redirect users to pages where they can be potentially exploited. "Of the millions of URL requests that Cisco has blocked for customers in the last six months, we believe that 5 to 10 percent are directly related to malvertising," Gundert said.Spam Another key trend observed by Cisco in its midyear report is a spike in spam volume. According to Cisco, from June 2013 to January 2014, monthly spam volumes averaged between 50 billion to 100 billion messages a month. In March 2014, spam volume was peaking at just over 200 billion messages per month. "Bad guys have been forced to be more clever to come up with new methods for spam," Gundert said. One of those newer approaches is something known as snowshoe spam. With snowshow spam, the spammers use many different IP addresses, each used in low volume, to send the junk messages. "It's a cat and mouse game; they'll adapt and we'll adapt again," Gundert said. "Spam is continuously profitable, and there is plenty to monetize it." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
The risk of malvertising is nontrivial because it can impact users visiting large Web properties. During the recent FIFA World Cup, a popular Brazilian sports site was a victim of malvertising. Infecting ad networks of major online news organizations is also a tactic the Syrian Electronic Army (SEA) has leveraged in multiple attacks, including one against Reuters in June.