Investigations routinely expose the rapidly changing landscape of email-based threats, as malicious actors relentlessly change tactics, probing human and software vulnerabilities with cunning and innovative attacks.
The latest analysis of more than 1.8 billion emails in the first quarter of this year reveals that the United States is the largest source of spam emails, followed by the United Kingdom, Ireland and Japan. This is a change from the corresponding period in 2023, when, in addition to the United States, Germany and Turkey were the dominant sources of spam emails. Furthermore, it seems that the countries of origin of the spam are also the same as its targets. The United States, the United Kingdom, and Canada are the three countries most affected by email-based attacks. The reasons could be socioeconomic factors or simply that cybercriminals are changing course as surveillance companies keep pace with their territory-focused tricks.
Quishing, scams and email phishing
While we are not seeing high volume yet, there is a growing trend of phishing with QR codes or Quishing. The convenience that QR codes offer users is why criminals are exploiting this technology, using QR codes as easy bait.
Scams are gaining popularity among cybercriminals, surpassing phishing emails. Criminals know which buttons to press. Phishing emails posing as Human Resources communications and falsely claiming to be related to employee benefits, compensation, or insurance within a company are steadily increasing. These emails often contain malicious attachments in .html or .pdf formats, with phishing QR codes that redirect recipients to phishing sites upon scanning. Employees are falling victim to generative AI technologies that allow cybercriminals to create convincing, error-free phishing emails in virtually any language of their choice.
Additionally, criminals use common phrases from perfectly legitimate services to scam: “2FA authentication is outdated,” “your email is quarantined,” “your password has expired,” “update your subscription details,” and “here is your account statement for review” are widely used to deceive.
Director of Product Management, Vipre.
New phishing trends
In email phishing campaigns, criminals are increasingly using malicious links in emails, followed by attachments and QR codes, to trick end users. Attackers employ links in phishing emails for URL redirection, a technique that opens a different web page from the one the user intended to reach when the link is clicked. It is effectively a bait-and-switch technique. They implement this tactic because the legitimate URL avoids detection by most email security tools and users, while on the back end, the malicious link carries out unscrupulous activity.
Malicious attachments are an emerging tactic that is gaining favor with bad actors to conduct phishing attacks. There is a marked shift toward using .ics calendar invitations and .rtf attachment formats to trick recipients into opening malicious content. Users and businesses will also do well to keep an eye out for .eml attachments. Smart threat actors send malicious payloads via .eml files because they are missed when attached to phishing emails: the carrier emails themselves come out clean.
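A defender-side illustration of the two points above, added here and not taken from the article or from any vendor's product: it walks every MIME part of a message, descends into attached .eml messages, and flags the attachment formats the article names as well as links whose query string carries a second URL on a different host. The sample message, the hostnames and all function names are constructed for the example.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import parse_qsl, urlsplit

RISKY_EXT = (".ics", ".rtf", ".eml", ".html", ".pdf")  # attachment formats the article names
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def embedded_redirects(text):
    """Return (link_host, target_host) pairs for links whose query string carries another URL."""
    hits = []
    for url in URL_RE.findall(text):
        try:
            link = urlsplit(url)
            targets = [urlsplit(v) for _, v in parse_qsl(link.query)]
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        hits += [(link.hostname, t.hostname) for t in targets
                 if t.scheme in ("http", "https") and t.hostname not in (None, link.hostname)]
    return hits

def audit(part, depth=0):
    """Walk every MIME part; depth counts how many attached messages enclose the part."""
    ctype, name = part.get_content_type(), part.get_filename() or ""
    nested = ctype == "message/rfc822"  # an attached email (.eml)
    found = [(depth, name, ctype)] if nested or name.lower().endswith(RISKY_EXT) else []
    if part.is_multipart():  # true for multipart/* and for message/rfc822
        for sub in part.get_payload():
            found += audit(sub, depth + nested)
    elif part.get_content_maintype() == "text":
        found += [(depth, "redirect", "%s -> %s" % p) for p in embedded_redirects(part.get_content())]
    return found

def audit_bytes(raw):
    return audit(message_from_bytes(raw, policy=policy.default))

def build_sample():
    """Constructed sample: a clean-looking outer email carrying the real content in an .eml."""
    inner = EmailMessage()
    inner.set_content("Review: https://portal.example/out?next=https%3A%2F%2Flogin.example.net%2Fhr")
    inner.add_attachment("BEGIN:VCALENDAR\nEND:VCALENDAR\n", subtype="calendar", filename="meeting.ics")
    outer = EmailMessage()
    outer.set_content("Please see the attached message.")
    outer.add_attachment(inner, filename="statement.eml")
    return outer.as_bytes()

if __name__ == "__main__":
    for finding in audit_bytes(build_sample()):
        print(finding)
```

A scanner that inspects only the outer body and top-level attachment names sees nothing but `statement.eml`; the redirect link and the calendar invite only appear at depth 1.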
Brand impersonation
Perhaps unsurprisingly, Microsoft is the most counterfeited brand. With four out of five Fortune 500 companies using Microsoft Office 365, it's a sure win for scammers, which is why attacks are increasing daily.
Threat actors are also finding success impersonating brands like DocuSign, eFax, and PayPal. Electronic signatures have more or less become the default mechanism for validating important documents, especially legal ones. By targeting digital faxes and PayPal, they may be targeting the less cybersecurity-savvy crowd.
Malspam proliferating
Malicious spam links are proliferating at an alarming rate. Threat actors are increasingly using malspam, possibly encouraged by the success of password-targeted phishing emails that use links. Many opt for malicious links in malspam emails instead of attachments. Malware is increasingly hiding in cloud storage platforms like Google Drive.
After the international takedown of the Qakbot malware, there has been no rest for the bad guys: Pikabot has become the leading malware family, with most of its attacks focusing on users in the United Kingdom and Norway.
Faced with this panorama of email threats, what should companies do?
Faced with this increasingly intense barrage of email-based cyber threats, businesses can no longer rely on outdated or isolated security measures. A multi-layered security approach is needed, from secure email and endpoint protection to threat intelligence and ongoing user awareness and security training initiatives.
Today, Microsoft is the default technology environment for businesses. Microsoft Office has established itself as the industry standard throughout the business world. This ubiquity has made Microsoft an easy target for criminals. Strengthening email security is an imperative. Of course, Microsoft offers standard security, but the platform has some inherent limitations that make advanced email threat protection vital.
Link Isolation is one of those fundamental techniques to protect against unknown zero-day threats. It renders malicious URLs in emails and their associated web pages harmless. To check for malicious attachments, sandboxing capability is a must. This technique isolates the suspicious file in a “sandbox,” that is, a virtual machine in the cloud, allowing the security team to investigate the potential threat, understand the attack pattern, and gain deep insight into the incident to anticipate a security breach. This type of live, real-time monitoring and intelligence is essential in today's environment where criminals tirelessly seek to exploit human and software flaws.
These techniques ensure a true zero-trust approach to email security by ensuring that every link is dynamically and quickly analyzed to help keep the enterprise secure.
Finally, a layered approach to security requires adopting the best third-party services. No single solution or platform can comprehensively provide all security capabilities. Microsoft is a good example. The company offers everything from productivity suites and operating systems to cloud platforms and developer tools. Of course, there is security built into these solutions, but Microsoft is not a specialized security provider, and it is definitely not a specialized email security provider, although Outlook is today the default tool for managing email messages, calendars, contacts, and more.
This article was produced as part of TechRadarPro's Expert Insights channel, where we feature the best and brightest minds in today's tech industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.