The US, UK, Ireland, and Japan emerge as the main source of spam; manufacturing, government, and IT sectors are most victimized; Pikabot top malware family
LONDON, May 9, 2024 /PRNewswire/ -- VIPRE Security
Group, a global leader and award-winning cybersecurity, privacy,
and data protection company, today released its Q1 2024 Email
Threat Trends report, based on an analysis of 1.8 billion emails.
The findings reveal the evolving landscape of email-based threats
and emerging tactics malicious actors are employing.
The US, UK, Ireland, and Japan top the spam sources list
The report identifies the US as the top source of spam
emails globally, followed by the UK, Ireland, and Japan. The US, UK, and Canada are the top three countries most
subjected to email-based attacks.
Attackers aim at the manufacturing sector
The manufacturing, government, and IT sectors are the most victimized
by malicious actors. In Q1 2024, the manufacturing sector suffered
43% of email-based attacks, with the government (15%) and IT (11%)
trailing well behind. This is a change from Q1 2023, when attackers
targeted the financial (25%), healthcare (22%), and education (15%)
sectors most often.
Scams surpassing phishing
This research warns that 'scams' within the spam category are growing in popularity
among cybercriminals, overtaking phishing emails in the first
quarter of 2024.
There's been a notable increase in phishing emails masquerading
as communications from Human Resources, falsely claiming to relate
to employee benefits, compensation, or insurance within a company.
These emails contain malicious attachments in .html or .pdf
formats, featuring phishing QR codes that redirect recipients to
phishing sites upon scanning.
New phishing trends and techniques
In email phishing campaigns, 75% of emails leverage links, 24% favor attachments, and
1% use QR codes. Attackers are employing links in phishing emails
for URL redirection (54%), compromised websites (22%), and newly
created domains (15%).
Emerging tactics employed by cybercriminals to execute phishing
attacks include the use of .ics calendar invite and .rtf attachment
file formats to trick recipients into opening malicious
content.
Malspam links and top malware family
Encouraged by the success of password-oriented phishing emails that use links,
cybercriminals are opting for malicious links in malspam emails
instead of attachments. Malware is increasingly being hidden in
cloud storage platforms such as Google Drive. The use of
malware-based emails employing attachments has increased to 22% in
Q1 2024, from only 3% in Q1 2023.
Due to the void left by the dismantled Qakbot malware, Pikabot
has emerged as the top malware family, with IcedID a distant
second.
Exploiting software vulnerabilities
Criminals are exploiting web application vulnerabilities, most notably
Reflected Cross-Site Scripting (XSS) focusing on the "href" tag
attribute, to circumvent detection, using a variety of tactics such as
sending images as the entire email content, encoding URLs, and
directing the victim through multiple URLs.
Malicious actors are also finding success with thread hijacking
of NTLM (NT LAN Manager), a security protocol used by Microsoft
Windows operating systems for authentication. By hijacking the
authentication thread, attackers extract NTLM challenge-response
hashes from legitimate SMB (Server Message Block) sessions, to
enable them to impersonate authenticated users and gain
unauthorized access.
"Criminals are using email with success to scam, infiltrate
networks, and unleash malicious payloads," warns Usman Choudhary, Chief Product and Technology
Officer, VIPRE Security Group. "We're witnessing bad actors
relentlessly exploiting human vulnerabilities and software flaws,
circumventing email gateways and security measures with alarming
precision. Robust email and endpoint defenses, coupled with a
vigilant human frontline, remain our strongest defense against
these unyielding attacks."
To read the full report, click here: VIPRE's Email Threat Trends
Report: Q1 2024.
VIPRE leverages its unique understanding of email security to
equip organizations with the information they need to protect
themselves. This report is based on proprietary intelligence
gleaned from round-the-clock vigilance of the cybersecurity
landscape.
About VIPRE Security Group
VIPRE Security Group, part of Ziff
Davis, Inc., is a leading provider of internet security
solutions purpose-built to protect businesses, solution providers,
and home users from costly and malicious cyber threats. With over
25 years of industry expertise, VIPRE is one of the world's largest
threat intelligence clouds, delivering exceptional protection
against today's most aggressive online threats. Our award-winning
software portfolio includes next-generation antivirus endpoint
cloud solutions, advanced email security products, along with
threat intelligence for real-time malware analysis, and security
awareness training for compliance and risk management. VIPRE
solutions deliver easy-to-use, comprehensive layered defense
through cloud-based and server security, with mobile interfaces
that enable instant threat response. VIPRE is a proud Advanced
Technology Partner of Amazon Web Services operating globally across
North America and Europe.
The group operates under various brands, including VIPRE®,
StrongVPN®, IPVanish®, Inspired eLearning®, Livedrive®, and
SugarSync®. www.VIPRE.com
View original content: https://www.prnewswire.co.uk/news-releases/latest-vipre-security-group-email-threat-trends-research-exposes-global-phishing-and-malware-threat-landscape-302141052.html