The Latest Trends In Email Threats

Threat actors are increasingly hiding malicious links in Google Drive and other cloud storage spaces. PDF files used as a malspam delivery tool have more than quadrupled since Q1 this year, and callback phishing and user-friendly Redline malware are also on the rise.

Now, leading cyber security company VIPRE Security has released its Q3 Email Threat Trends Report 2023.

Analysing nearly two billion emails, the report finds that cyber criminals are adapting their methods to reflect changing consumer habits, alongside exploiting evolving technology to evade detection.

Key highlights of the report include:

  • 233.9 million malicious emails detected in Q3 2023.
  • 110 million emails attributed to malicious content, 118 million to malicious attachments.
  • 150,000 emails displayed previously unknown behaviours.
  • Threat actors favour link-based delivery (58%) over attachments (42%).
  • Combined heuristic approaches detected roughly ten times more spam instances than a similar signature-based detection approach.

Clearly, email threats remain a thorn in the side of cybersecurity teams. The 150,000 emails containing newly created exploits represent a significant shift in the landscape.

Cyber criminals are also changing their delivery methods to reflect changing consumer habits. As cloud storage services have grown in popularity, they have also grown as a malspam delivery method, accounting for 67% of all malspam delivery methods in Q3 2023. Legitimate, compromised websites made up the remaining 33%.

Leveraging combined heuristics, VIPRE identified over one million spam incidents across two distinct subsets: legacy heuristic rules caught 810,000, while new heuristic rules reeled in more than 72,000. To put this into perspective, traditional, signature-based approaches identified 150,000 overall.

These numbers represent a shift in the email security landscape as older defensive technologies struggle to keep pace with phishing-as-a-service offerings and an onslaught of novel malware models.  

“Cybercriminals are extremely capable, informed, and effective; we mustn’t underestimate them... However, by exposing cyber criminal attack methods and trends, through this report we aim to empower organisations to combat those who seek to do them harm,” said Usman Choudhary, Chief Product & Technology Officer at VIPRE.

The report also reveals how cyber criminals are increasingly utilising AI tools to make their emails more believable. Until recently, many, if not most, spoof emails were betrayed by poor grammar, spelling mistakes, or strange formatting. Today, generative AI tools such as ChatGPT have made this detection method largely obsolete; at the click of a button, cyber criminals can produce literate, well-formatted emails that few could distinguish from legitimate communications.

ChatGPT continues to improve phishers’ ability to dupe, and LinkedIn Slink is an unforeseen malicious work-around.

Image: Brett Jordan
