The research reveals a rapidly changing email-based threat landscape in which malicious actors constantly shift their tactics, routinely probing human and software vulnerabilities with sophisticated and innovative attacks.
According to a new analysis of over 1.8 billion emails sent in the first quarter of this year, the largest source of spam emails is the United States, followed by the United Kingdom, Ireland, and Japan. This is a change from the same period in 2023, when Germany and Turkey were the main sources of spam emails, in addition to the United States. Moreover, the countries from which the spam originates appear to be the same as those that it targets: the United States, the United Kingdom, and Canada are the top three countries most susceptible to email-based attacks. The reasons could be socio-economic factors, or cybercriminals may simply be changing tack as wary companies follow suit with their territorial-centric modus operandi.
Quishing, Scams, and Email Phishing
Although not yet widespread, QR code phishing, or quishing, is a growing trend. The convenience that QR codes provide to users is exactly why criminals are exploiting this technology and using QR codes as easy bait.
Scams are becoming increasingly popular among cybercriminals, surpassing phishing emails. Criminals know which buttons to press. There has been a steady increase in phishing emails posing as communications from HR and purporting to be about internal employee benefits, compensation, and insurance. Often, these emails contain malicious attachments in .html or .pdf format that contain phishing QR codes that, when scanned, redirect to a phishing site. Generative AI technology allows cybercriminals to create error-free, convincing phishing emails in virtually any language, so employees fall prey.
Criminals also widely use common phrases that appear to come from completely legitimate services to trick users, such as “Your 2FA authentication is out of date”, “Your email has been quarantined”, “Your password has expired”, “Please update your subscription details”, and “This is your account review statement”.
Director of Product Management at Vipre.
New Phishing Trends
In email phishing campaigns, criminals are increasingly using malicious links in emails, followed by attachments or QR codes, to trick end users. Attackers are using links in phishing emails for URL redirection, where a link that appears to lead to the desired webpage opens a different one when clicked. This is essentially a bait-and-switch technique. Attackers employ this tactic because the legitimate URL evades most email security tools and user detection, while the malicious links carry out fraudulent activities on the backend.
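As an added illustration (not part of the original article or of any vendor's product), the Python sketch below flags links whose visible host differs from a destination carried in the query string or fragment, which is the part of the bait-and-switch a mail filter can see. The sample links and function names are constructed for this example; a redirect performed purely server-side leaves no trace in the URL and has to be resolved by link isolation or a sandbox.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample links as they might appear in a message body (not real campaigns).
SAMPLE_LINKS = [
    "https://docs.example.com/view?id=42",
    "https://trusted-mailer.example/track?u=https%3A%2F%2Flogin.example.net%2Freset",
    "https://trusted-mailer.example/r?next=https%253A%252F%252Fpayroll.example.org%252Fhr",
    "https://portal.example.com/login?return=https://portal.example.com/home",
]

def _fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding, which can hide the real target from filters."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def embedded_hosts(url):
    """Hosts of absolute URLs carried in the query string or fragment of url."""
    parts = urlsplit(url)
    values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    values.append(parts.fragment)
    hosts = []
    for value in values:
        value = _fully_decode(value).strip()
        if value.lower().startswith(("http://", "https://", "//")):
            host = urlsplit(value).hostname
            if host:
                hosts.append(host.lower())
    return hosts

def redirect_mismatches(url):
    """Embedded hosts that differ from the host the recipient sees in the link."""
    visible = (urlsplit(url).hostname or "").lower()
    return [h for h in embedded_hosts(url) if h != visible]

def triage(links):
    """Map each link to the off-host destinations it carries (empty list = none)."""
    return {link: redirect_mismatches(link) for link in links}

if __name__ == "__main__":
    for link, targets in triage(SAMPLE_LINKS).items():
        print("REVIEW" if targets else "ok    ", link, targets)
```

A hit is a reason to send the link for isolation or detonation, not a verdict: legitimate tracking and single sign-on links also carry off-host destinations.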
Malicious attachments are a new tactic favored by bad actors to carry out phishing attacks. There has been a noticeable trend of using .ics calendar invites and .rtf attachment formats to trick recipients into opening malicious content. Users and businesses should also be wary of .eml attachments. Sophisticated threat actors are sending malicious payloads via .eml files in phishing emails because the emails are clean and therefore overlooked.
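The added Python example below (not from the original article) shows why an attached .eml gets overlooked: a check that stops at the top level sees only one forwarded message, while walking into it reveals the .ics and .html files inside. The message, file names and the RISKY_EXTS list are constructed for this illustration, using the formats the article names.

```python
import email
import os
from email import policy
from email.message import EmailMessage

RISKY_EXTS = {".ics", ".rtf", ".eml", ".html", ".pdf"}  # formats named in the article

def build_sample():
    """Constructed message: a clean-looking mail that carries a forwarded .eml."""
    inner = EmailMessage()
    inner["Subject"] = "Benefits enrolment"
    inner.set_content("Please review the invite.")
    inner.add_attachment(b"BEGIN:VCALENDAR\r\nEND:VCALENDAR\r\n",
                         maintype="text", subtype="calendar", filename="review.ics")
    inner.add_attachment(b"<html></html>", maintype="text", subtype="html",
                         filename="statement.html")
    outer = EmailMessage()
    outer["Subject"] = "FW: HR update"
    outer.set_content("See the attached message.")
    outer.add_attachment(inner, filename="hr-update.eml")
    outer.add_attachment(b"\x89PNG", maintype="image", subtype="png",
                         filename="logo.png")
    return outer.as_bytes()

def triage(msg, depth=0):
    """Return (depth, filename, content_type, flagged) for every attachment,
    descending into attached messages (message/rfc822) at any nesting level."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ctype = part.get_content_type()
        ext = os.path.splitext(name)[1].lower()
        nested = ctype == "message/rfc822"
        findings.append((depth, name, ctype, nested or ext in RISKY_EXTS))
        if nested:
            # The attached mail is a full message of its own: inspect it too.
            findings += triage(part.get_payload(0), depth + 1)
    return findings

def top_level_only(findings):
    """What a scanner sees if it never opens attached messages."""
    return [f for f in findings if f[0] == 0]

if __name__ == "__main__":
    parsed = email.message_from_bytes(build_sample(), policy=policy.default)
    for depth, name, ctype, flagged in triage(parsed):
        print("  " * depth + name, ctype, "FLAG" if flagged else "")
```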
Brand impersonation
It’s probably no surprise that Microsoft is the most spoofed brand: Four out of five Fortune 500 companies use Microsoft Office 365, giving fraudsters a clear advantage and resulting in more attacks every day.
Brands such as DocuSign, eFax, and PayPal have also proven effective for threat actors. Electronic signatures have become the default mechanism for verifying important documents, especially legal documents. By targeting digital fax and PayPal, they may be targeting a demographic that is less cybersecurity savvy.
Malspam Proliferation
Malicious spam links are growing at an alarming rate. Threat actors are increasingly using malspam, motivated by the success of password-oriented phishing emails with links. Many of them are choosing malicious links in malspam emails instead of attachments. Malware is also increasingly hidden in cloud storage platforms such as Google Drive.
And after the Qakbot malware was taken down internationally (the bad guys never rest!), Pikabot has emerged as the top malware family, with most of its attacks focused on users in the UK and Norway.
What should businesses do about this email threat landscape?
As email-based cyber threats intensify, businesses can no longer rely on outdated or isolated security measures. Security requires a multi-layered approach, from email and endpoint protection to threat intelligence to ongoing user awareness and security training efforts.
Today, Microsoft has become the default technology environment for enterprises. Microsoft Office has established itself as an industry standard across the corporate world. This ubiquity has made Microsoft a popular target for criminals. Strengthening email security is a must. Of course, Microsoft offers standard security, but the platform has inherent limitations that make it essential to layer on advanced email threat protection.
Link isolation is one of the essential technologies to protect against unknown zero-day threats. It renders malicious URLs in emails and associated web pages harmless. Sandboxing is essential to check for malicious attachments. This technology isolates suspicious files in a “sandbox” (a virtual machine in the cloud) and allows security teams to investigate potential threats, understand attack patterns, gain deep insights into incidents, and prevent security breaches before they happen. In today’s environment, where criminals are relentless in their pursuit to exploit human and software flaws, such live, real-time monitoring and intelligence is essential.
These technologies enable a true zero trust approach to email security by dynamically and instantly scanning all links to keep your business safe.
Finally, a layered approach to security requires employing best-in-class third-party services. No single solution or platform can comprehensively provide all security capabilities. Microsoft is a great example. The company offers everything from productivity suites and operating systems to cloud platforms and developer tools. Of course, security is built into these solutions, but Microsoft is not a specialized security provider, nor is it a specialized email security provider, even though Outlook is now the default tool for managing email messages, calendars, contacts, and more.
This article was produced as part of TechRadarPro’s Expert Insights channel, featuring the best and brightest minds in technology today. Opinions expressed here are those of the author and not necessarily those of TechRadarPro or Future plc.