I don’t often like to prognosticate because, like most people, I don’t want to be wrong. However, in this case, the predictions I am making aren’t based on numbers and statistics; they are much less tangible.
Before we take a look at what is expected as we begin 2013, let’s take a quick look over some of the things we saw in 2012 as these are what I am basing my predictions on.
Spam Goes Down
One of the most significant stories of 2012 was the takedown of the Grum botnet in July, which caused a huge drop in the Spam Volume Index that had hovered around 1000 early in 2012. Right after this army of zombie computers was dismantled, the index fell to below 200 for the first, and only, time all year.
Unfortunately, by October the index was back up to around 800 before falling again and then spiking back up to near 600 around the holidays.
In 2012, dating and pharmaceutical spam accounted for more than half of all types of spam. According to reports, diploma spam fell to below 1 percent and replica product spam dipped to almost 4 percent. Spam containing malicious links accounted for 6.68 percent of spam, phishing emails were 0.04 percent and messages loaded with malware were 0.01 percent of all spam emails.
And in 2013…
Using the aforementioned information as a foundation, we should expect the following in 2013:
Another Dip in Levels
With huge botnets like Cutwail and Lethic pumping out millions of spam emails a day, it is only a matter of time before one of them goes the way of Grum or Rustock. Every year we seem to see the fall of one of the larger botnets and experience a lull in spam-related activity. In 2013, one of these two will fall and make headlines loud enough for people to let their guard down. If I had to pick one of the two, I think that Cutwail will be more heavily targeted due to its ability to send spam and launch DDoS attacks.
More Spear Phishing
In 2011, profits netted by cyber criminals fell from $1.1 billion to $500 million when mass phishing was used as the attack method. This fall is usually attributed to botnets popular with phishers being taken down. However, smart criminals have learned that by spear phishing, or targeting specific people/organizations, they can net higher profits with less of a chance of being stopped by anti-spam filters. This year, watch for more targeted spear phishing attacks, like the one against the White House, to make the news.
People Will Learn to Read Statistics
One of the worst things regarding security is statistics in the hands of the wrong people. In 2012 we saw the “spam levels plummet” headlines over and over again, only to see the volume rise again shortly thereafter. What people often fail to understand is that A) when a botnet goes down, so do spam levels – for a short time, and B) the levels of spam that make up these statistics often represent the number of spam emails caught by anti-spam filters. All those pesky junk mail messages that sneak by and show up in your inbox aren’t counted. This year, people will start to understand these numbers and how we get them so that they are not lulled into a false sense of security.
Replica Product Spam Will Rise Again
The economy is growing stronger in the US, but people aren’t going to rush out and drop a few hundred dollars on a new bag or designer sunglasses when they can get a good-looking replica for less than half the price of the original. People advertising counterfeit products will start some heavy marketing campaigns, bringing this type of spam back up into double-digit numbers.
A New Player Will Enter The Market
Spam sources usually bounce around among the same players: the United States, India, China, Russia and Brazil dominate. This year, however, look for an outsider to make a name for themselves. Since most spam originates from botnets, it would need to be a country that has a high number of compromised host computers. Look for someone in Europe to jump into the game.
What about you? Let us know any predictions you have for this year in the comment section.