Stay in the Loop on Emerging and Evolving Email Threat Trends

Stay in the Loop on Emerging and Evolving Email Threat TrendsIn today’s fast-paced digital world, it seems the only constant is change. Advances in technology lead to more sophisticated cyberthreats and more sophisticated defenses, making for a sort of arms race between cybersecurity experts and cybercriminals. This is why it is always important for cybersecurity and infosec professional to keep themselves informed on the digital landscape and threat trends.

VIPRE Security Group has published their Email Threat Trends Report for Q1 of 2024, examining the most common, pressing, and harmful threats delivered via email. Using over 25 years of malware protection expertise, they have analyzed nearly two billion emails to draw conclusions about the evolution of threat trends and email security. Some of the key findings of the report are summarized below.

Year-over-Year Analysis

One of the benefits of the VIPRE report is the ability to compare it to past reports and gain insight into the shifting threat trends over time. Compared to the Email Threat Trends Report from Q1 of 2023, there are a number of notable similarities and differences.

• VIPRE processed 234 million spam emails in the first quarter of this year, 12 million more than Q1 2023.
• Similarly to last year, 95% of the analyzed sample were spam emails.
• While 2023 saw a spike in spam emails in February, there was a similar spike in March of this year.
• Last year showed more phishing emails than scam emails, but scams overtook phishing attempts in Q1 2024.
• In Q1 2023, the most targeted sectors were financial (25%), healthcare (22%), and education (15%); the Q1 2024 report shows the industries most victimized by malicious emails to be manufacturing (45%), government (15%), and IT (11%).
• With the upcoming election, 2024 is already seeing a significant spike in election-related email scams crafted to deceive targets to manipulate the electoral process or just take advantage of sensationalism for financial gain.

Phishing and Scam Email Trends

In recent years, the advent and advances of artificial intelligence (AI) and machine learning (ML) technologies have made it easier for bad actors to craft more sophisticated and convincing phishing emails than ever. As time goes on, these AI and ML tools only grow more and more advanced, so it should come as no surprise to find that Q1 of 2024 shows use of generative AI tools like ChatGPT to craft scam emails.

While many phishing emails claim to originate from trusted sources and known brands, Q1 of 2024 has shown a marked increase in phishing emails purporting to be from human resources departments. Whether they refer to false employee benefits, compensation, or insurance, these emails often contain .html or .pdf attachments and QR codes leading to a phishing website. An email from HR is one that targets in professional environments are primed to trust and take seriously, and the phishing scams that use this tactic are designed to take advantage of that trust.

Another opportunistic method that bad actors are using so far in 2024 is manipulating election buzz to their advantage, as mentioned above. Some of the election-related scam emails noted in the report claim to offer confidential information regarding certain candidates, while others leverage sensationalist rhetoric to take advantage of the divisive political climate.

Malware and Malspam Trends

One of the most notable differences between Q1 2023 and Q1 2024 is the proportion of malicious links to malicious attachments in malspam emails. Whereas 97% of malspam emails in Q1 2023 used malicious attachments, Q1 2024 shows a significantly lower 78% malicious attachment rate and 22% malicious links. Trends in malspam attachments include:

• Of the malicious emails that used attachments, 51% used .pdf files, followed by .docm/.docx (27%), .html (14%), .xlsm/.xlsx (6%), and .zip (2%).
• The malware family Pikabot is the top malware family of Q1 2024, accounting for every malicious .pdf file examined in the report.
• Pikabot experienced a spike in January of attacks using replies to previously compromised email threads to send malicious PDF attachments.
• The Pikabot malware grants bad actors unauthorized access to the target device, and can be used to carry out a range of nefarious activities from stealing sensitive data to facilitating remote control.Of the 22% of malspam emails that used malicious links, some of the key findings are:
• The three main types of malspam links are compromised legitimate websites, newly registered domains, and cloud storage platforms.
• The Pikabot malware family also featured prominently among the malspam links analyzed by the report.

Conclusion

The only way to effectively build a defense against threats of all kinds is to understand where they come from and how they evolve over time. Keeping track of all of the technological advances and threat trends is no simple task, but reports analyzing email threat trends can help security professionals gain insight into what to watch out for. The Q1 2024 report shows threat trends very much in line with past developments, as well as a glimpse into what the future may hold.