The Latest Trends In Email Threats

Threat actors are increasingly hiding malicious links in Google Drive and other cloud storge spaces. Examples include PDF files as a malspam delivery tool have more than quadrupled since Q1 this year, and callback phishing and user-friendly Redline malware is also on the rise. 

Now, leadning cyber security  company, VIPRE Security, has released its Q3 Email Threat Trends Report 2023.  

Analysing nearly two billion emails, the report finds that cyber criminals are adapting their methods to reflect changing consumer habits, alongside exploiting evolving technology to evade detection.

Key highlights of the report include:

  • 233.9 million malicious emails detected in Q3 2023.
  • 110 million emails attributed to malicious content, 118 million to malicious attachments.
  • 150,000 emails displayed previously unknown behaviours.
  • Threat actors favour link-based delivery (58%) over attachments (42%). 
  • Combined heuristic approaches detected roughly ten times more spam instances than a similar signature-based detection approach 

Clearly, email threats remain a big source of trouble in the side of cybersecurity teams. The 150,000 emails containing newly created exploits represent a significant shift in the landscape.

Cyber criminals are also changing their delivery methods to reflect changing consumer habits. As cloud storage services have grown in popularity, so have they developed as a malspam delivery method, accounting for 67% of all malspam delivery methods in Q3 2023. Legitimate, compromised websites made up the remaining 33%.  

Leveraging combined heuristics, VIPRE identified over one million spam incidents across two distinct subsets: legacy heuristic rules caught 810,000, while new heuristic rules reeled in more than 72,000. To put this into perspective, traditional, signature-based approaches identified 150,000 overall.

These numbers represent a shift in the email security landscape as older defensive technologies struggle to keep pace with phishing-as-a-service offerings and an onslaught of novel malware models.  

“Cybercriminals are extremely capable, informed, and effective; we mustn’t underestimate them... However, by exposing cyber criminal attack methods and trends, through this report we aim to empower organisations to combat those who seek to do them harm.” said Usman Choudhary, Chief Product & Technology Officer at VIPRE. 

The report also reveals how cyber criminals are increasingly utilising AI tools to make their emails more believable. Only recently, many, if not most, spoof emails were betrayed by poor grammar, spelling mistakes, or strange formatting. Today, Generative AI tools such as ChatGPT have made this detection method largely obsolete; at the click of a button, cyber criminals can produce literate, well-formatted emails that few could distinguish from legitimate communications.  

ChatGPT continues to improve phishers’ ability to dupe, and LinkedIn Slink is an unforeseen malicious work-around.

Image: Brett Jordan

You Might Also Read: 

Generative AI Tools Help Criminals Launch More Sophisticated Attacks:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« The Information War In Gaza & Israel
Intelligence Chiefs Accuse China Of IP Theft & Online Deception »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Zentek Digital Investigations

Zentek Digital Investigations

Zentek has been providing digital forensics services to the public and private sector for computers and mobile devices since 2004.

NetFort

NetFort

NetFort provides software products to monitor activity on virtual and physical networks.

A-LIGN

A-LIGN

A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to mitigate cybersecurity risks.

Vehere

Vehere

Vehere specialises in mission critical signals aquisition and analytics platform and cyber defence systems.

LinkUp

LinkUp

LinkUp is a leading data-driven job search company. Every day we index millions of job openings directly from employer websites.

Global Cybersecurity Forum (GCF)

Global Cybersecurity Forum (GCF)

Global Cybersecurity Forum is a catalyst platform designed to create a more resilient and better cyberworld for all.

WidePoint

WidePoint

WidePoint Corporation is an innovative provider of Trusted Mobility Management (TM2) solutions.

Quside

Quside

Quside, a spin-off from The Institute of Photonic Sciences in Barcelona, designs and manufactures innovative quantum technologies for a wide range of applications including cyber security.

Speedinvest

Speedinvest

Speedinvest is one of Europe’s most active early-stage investors with a focus on Deep Tech, Fintech, Industrial Tech, Network Effects, and Digital Health.

StrikeReady

StrikeReady

StrikeReady have developed CARA, an advanced technology solution that offers personalized and proactive assessment and remediation of future and current risk in real-time.

BullWall

BullWall

BullWall is a digital innovator dedicated to fight cybercrime in its many forms. Our overarching purpose is to stop new and unknown strings of ransomware attacks in its tracks.

Digital Silence

Digital Silence

Digital Silence is a world-class provider of information security research and consulting services.

Lucidum

Lucidum

The Lucidum platform helps you assess risk and mitigate vulnerabilities by finding and correlating data from your security tech stack.

Quantum Ventura

Quantum Ventura

Quantum Ventura is a technology innovation company with a single mission of delivering customer-centric advanced solutions to US Federal & State Governments and Private Sector customers.

CODA Intelligence

CODA Intelligence

CODA's AI-powered attack surface management platform helps you sort out the important remediations needed in order to avoid exploits on your systems.

Beazley Security

Beazley Security

Beazley Security is a global cyber security firm committed to helping clients develop true cyber resilience: the ability to withstand and recover from any cyberattack.