Article Highlight: Q1-2014 SPAM study by Sophos shows interesting results

Every quarter Sophos studies spam and releases the results. This years title is "The Dirty Dozen Spampionship: Who's who in the global spam-sending league?"

The study shows the amount of spam sent by country. It's important to note that this does not necessarily correlate to the bad actor's physical location.  Most of these actors don't send it directly from their networks but rather utilizes resources, usually infected PCs (aka zombies), on other networks many times in countries other the one they reside in.  A couple tidbits I found interesting...

• By volume the United States tops the list at 16.4% of total spam.  This is a huge lead as the next offending country, Spain, comes in at 5.0% of all spam volume followed by Russia (4.4%), Italy (4.3%), and China (4.1%).

• Israel, who in the past spawns off information security start-up companies, is #3 in the list by population.  That's surprising to me.

• I expected Russia, China, and India to be higher based on some of the data I've personally seen

Link to article:
http://nakedsecurity.sophos.com/2014/04/17/the-dirty-dozen-spampionship-whos-who-in-the-global-spam-sending-league/?utm_source=Naked+Security+-+Sophos+List&utm_medium=email&utm_campaign=000398c556-naked%252Bsecurity&utm_term=0_31623bb782-000398c556-454927713
(short link)
http://bit.ly/1iqTmgF

Major breach exposed customers of major brands

There's been a data breach (article 1, article 2) at one of the largest marketing services companies around and your email might have been exposed. The breach occurred at a company called Epsilon which handles email communications for many big brands such as Capital One, Citi, Disney, etc. Their website boasts over 2,500 clients including 7 Fortune 10 companies.

At this time the list includes about 15 companies but it's been growing, so even if you've not done business with one of the companies listed below, one that you have done business with might have been exposed.

Criminals are using the emails to send malicious software (in the form of PDFs or other documents) and/or links to websites that lead to malicious software and/or phishing scams. Be alert. Here's the list of companies confirmed to have been exposed at this time (some have links to notifications):

UPDATE 06-APR-2011 (LIST UPDATED):
1800-Flowers
Abe Books
AbeBooks
Air Miles CA
Ameriprise Financial
Barclays Bank
Beachbody
Bebe Stores Inc.
Benefit Cosmetics
BestBuy
Brookstone
Capital One
Charter Communications (Charter.com)
Citibank
City Market
Dillons
Disney
HSN (Home Shopping Network)
Eddie Bauer
Eurosport/Soccer.com
Food 4 Less
Fred Meyer
Fry's
Hilton Worldwide
JP Morgan Chase
Kroger
Jay C
King Soopers
Kroger
LL Bean Visa Card
Lacoste
Marriott International
Marriott Rewards
McKinsey & Company
Moneygram
New York & Company
QFC
Ralphs
Red Roof Inns Inc.
Ritz-Carlton
TiVo
Robert Half
Smith Brands
TD Ameritrade
TIAA-CREF
Target
The College Board
The Home Shopping Network
TiVo
US Bank
Verizon
Walgreens
World Financial Network National Bank