Virtualization Technology News and Information
Malicious Phishing Emails Increased by 569% in 2022, According to Annual Report from Cofense

Cofense announced the release of its 2023 Annual State of Email Security Report, which highlights the growing threats that continuously bypass standard email security solutions. As observed by Cofense Intelligence, 2022 saw a 569% increase in malicious phishing emails and a 478% increase in credential phishing-related threat reports published.

Combining a global network of more than 35 million people with artificial intelligence and machine learning, Cofense has access to a dynamic and vast dataset of actionable, advanced threat intelligence. These insights provide Cofense with unmatched visibility into emails bypassing SEGs and hitting users' inboxes, highlighted by a 99.996% accuracy rate on phishing threat analysis over the last year. The annual report is a comprehensive assessment of the trends the Cofense team observed through this data in 2022.

"The cybersecurity landscape is always evolving, so it is imperative to stay on top of the latest trends and tactics," said Tonia Dudley, Vice President and Chief Information Security Officer at Cofense. "As threats increase in frequency, intensity and sophistication, the need for rapid and actionable intelligence has never been greater. The increase in nation-state attacks and major incidents overall continues to apply pressure to drive visibility of an organization's security program by boards, corporate executives and cyber insurers. With this pressure, organizations must continue to evaluate ways to mitigate risk and assess what email security controls need to be added or enhanced to raise their overall security posture."

Email Security Trends Hitting Inboxes

Cofense's crowdsourced methodology provides a view into the malicious emails that are reaching inboxes today. Based on Cofense intelligence, the top five trends in the email security landscape highlight that delivery methods for carrying out phishing campaigns continue to keep up with the advancement of technology. Cofense witnessed a continued blending of tactics to make detection and mitigation even more difficult for organizations. The top trends for 2022 include:

  • Credential phishing is the top attack vector with a 478% increase in malicious emails identified
  • Emotet & QakBot remain the top malware families
  • Business email compromise (BEC) continues to be one of the top cybercrimes for the eighth year in a row
  • Web3 technologies used in phishing campaigns increased by 341%
  • Telegram bots as exfiltration destinations increased by 800%

Top Malware Families to Watch

In 2022, the Cofense team observed a 44% increase in malware as compared to 2021. The report highlights the top five malware families that made up the highest volume of phishing campaigns disseminated in 2022. Several characteristics can make a malware family more appealing to threat actors, such as the malware features, cost, and complexity. In combination, these properties determine how well malware aligns with a threat actor's agenda for a phishing campaign.

The top five malware families of 2022 include Emotet, Qakbot, Formbook, Agent Tesla and Snake. Most notably, the continued position of Emotet at the top of the list is a testament to its ability to out scale all other malware-delivery campaigns, even after months of inactivity. Additionally, QakBot continues to evolve defensive mechanisms against malware analysis, and phishing emails delivering the malware continue to successfully reach inboxes.

To download the 2023 Annual State of Email Security Report, visit

Published Wednesday, March 29, 2023 10:13 AM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<March 2023>