WebRTC Expert Feature

October 26, 2023

Decoding Q3 2023 Email Threat Trends

Email, while an invaluable communication tool, has become a playground for malicious actors in today's increasingly interconnected world. VIPRE's AV Labs, well-acquainted with the ever-evolving landscape of email threats, has released its Q3 2023 Email Threat Trends Report. This comprehensive report is a testament to the vigilance and dedication required in securing the world of email.

The Current Email Threat Landscape

Q3 2023 witnessed some notable trends in the world of email security. Threat actors are continuously refining their tactics to target unsuspecting users and organizations. One striking development is the rise in the use of Google Drive and QR codes to hide malicious links, taking advantage of our penchant for clicking on unfamiliar links. Furthermore, PDFs have surged in popularity as tools for malspam delivery.

Sophistication vs. Simplicity: Attacker Strategies

Threat actors are deviating from highly technical attacks, instead leaning into low-tech tactics. Callback phishing and Redline malware are prime examples of this approach. Callback phishing, a surprisingly simple but effective ploy, often tricks users into revealing their sensitive information over the phone. Redline malware, known for its user-friendly control panel, severely threatens Windows systems and can steal data, including cryptocurrency-related information.

The Role of AI in Phishing Attacks

ChatGPT, an AI-driven language model, is being harnessed to craft phishing emails that are growing increasingly convincing. In addition, LinkedIn Slink, a clean-looking LinkedIn URL, has become a preferred choice for malicious actors, as it can bypass traditional security protocols.

Data Analysis and Threat Detection

Heuristics played a significant role in identifying spam emails in Q3 2023, with combined heuristics approaches proving ten times more effective than similar signature-based methods.

The Scale of Email Threats

In Q3 2023, out of nearly 2 billion processed emails, over 200 million were malicious; this indicates that one in every ten emails was infected with malware or contained malicious intent.

The Power of Attachment Sandboxing

In Q3 2023, attachment sandboxing emerged as an essential tool for identifying and isolating potential threats before they wreak havoc. Most malicious attacks came from never-before-seen behaviors, which could have caused serious damage without attachment sandboxing.

Looking Beyond Signature-Based Detection

Heuristic rules, including AV Labs YARA rules, identified over a million spam incidents. In contrast, signature-based detection methods lagged significantly, underscoring the importance of making educated guesses in identifying new threats.

Email Security Trends and the Role of Cybersecurity Tools

While email security tools are undoubtedly doing their job, threat actors are also evolving. The drop in attack emails in Q3 may be a lull before the storm, as holiday spam traffic is expected to surge. BEC attacks continue to rise, and the FBI's Internet Crime Report reveals that BEC ($2.7 billion) has exceeded the losses caused by ransomware ($34.3 million) by a staggering factor.

Email Scams and Common Techniques

Password phishing is still prevalent, with cybercriminals aiming to steal user passwords through various deceitful tactics; this is evident in the common phishing phrases used in Q3. QR codes are playing an increasing role in phishing, emphasizing the evolving nature of social engineering.

Recognizing Spoofed Domains

Emails from popular brands continue to be targeted for spoofing, with Microsoft, Google, and Dropbox topping the list. Recognizing spoofed domains is crucial, and vigilance is necessary to avoid falling prey to seemingly innocuous emails.

The Role of PDFs in Email Attacks

PDFs are increasingly employed as an attack vector, given their universal compatibility across platforms. Attackers often use them to deliver malicious links, making them an effective tool for phishing campaigns.

Callback Phishing: A Simple but Effective Tactic

Callback phishing demonstrates that attackers do not always need sophisticated methods to succeed. These attacks, which rely on user interaction and phone calls, pose a genuine threat due to their simplicity.

The Pervasive Threat of Business Email Compromise (BEC)

BEC attacks are growing more sophisticated and damaging, with AI-generated phishing emails becoming more convincing. BEC attacks have caused billions in damages and continue expanding their reach through new technology.

The Importance of Phishing Awareness

Phishing emails often aim to steal user passwords by posing as legitimate requests for changes or updates. Users must be wary of these phishing tactics, including password update requests and QR code scans.

The Role of URL Redirection and IPFS

URL redirection and file storage URLs are prevalent in phishing campaigns. LinkedIn Slink, a method to hide malicious links, and using the InterPlanetary File System (IPFS) to store malicious files are trends to watch out for.
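A mail-triage sketch for the link types named above, added here as an illustration and not taken from the VIPRE report: it pulls URLs out of a message body and tags LinkedIn slink redirects, Google Drive links, and IPFS gateway links for closer inspection. The URL shapes it matches (a `/slink` path on linkedin.com, the `drive.google.com` host, an `ipfs` host label or `/ipfs/` path) and the sample message are assumptions.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def classify(url):
    """Return a triage tag for link types worth a closer look, else None."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:          # malformed authority, e.g. a broken IPv6 literal
        return "unparseable"
    labels = host.split(".")
    # Assumed shape of a LinkedIn redirect ("slink"): /slink?code=... on linkedin.com
    if host in ("linkedin.com", "www.linkedin.com") and parts.path.startswith("/slink"):
        return "linkedin-slink-redirect"
    if host == "drive.google.com":
        return "google-drive-hosted"
    # IPFS gateways: path style (/ipfs/<cid>) or subdomain style (<cid>.ipfs.<gateway>)
    if "ipfs" in labels or parts.path.startswith("/ipfs/"):
        return "ipfs-gateway"
    return None

def triage(body):
    """List (url, tag) for each distinct flagged URL, in order of appearance.

    A tag is a reason to resolve and sandbox the destination, not a verdict:
    all three services also carry legitimate traffic.
    """
    seen, flagged = set(), []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;")
        tag = classify(url)
        if tag and url not in seen:
            seen.add(url)
            flagged.append((url, tag))
    return flagged

# Constructed sample message body (placeholder codes and CIDs, not real indicators).
SAMPLE = """Your invoice is ready: https://www.linkedin.com/slink?code=EXAMPLE1
Backup copy: https://drive.google.com/file/d/EXAMPLEID/view.
Mirror: https://bafyexamplecid.ipfs.dweb.link/login.html
Alt: https://ipfs.io/ipfs/bafyexamplecid
Unsubscribe: https://news.example.com/unsubscribe
"""

if __name__ == "__main__":
    for url, tag in triage(SAMPLE):
        print(f"{tag:26} {url}")
```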

Malspam Delivery and the Prevalence of PDFs

Malspam attacks predominantly use link-based delivery over attachments. Google Drive is a favored location for hiding malware; attachment sandboxing was essential in detecting these threats.

Redline Malware Takes the Lead

Redline malware, known for its ease of use and capabilities, emerged as the top malware family in Q3. This dangerous malware can exercise complete control over compromised systems, posing significant threats to user data.

Staying Prepared in the Email Threat Landscape

Staying ahead of email security threats is critical for ensuring business continuity and safeguarding sensitive data. VIPRE's Q3 2023 Email Threat Trends Report offers crucial insights and tools to help users stay safe, informed, and prepared to tackle the challenges in their inboxes. Users and organizations can bolster their defenses against the ever-creative world of email threats by remaining vigilant and understanding the evolving threat landscape.


About the Author: Josh is a Content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He's written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy.
