Cofense announced the release of its 2023 Annual State of Email Security Report,
which highlights the growing threats that continuously bypass standard
email security solutions. As observed by Cofense Intelligence, 2022 saw a
569% increase in malicious phishing emails and a 478% increase in
credential phishing-related threat reports published.
Combining a global network of more than 35 million people with
artificial intelligence and machine learning, Cofense has access to a
dynamic and vast dataset of actionable, advanced threat intelligence.
These insights provide Cofense with unmatched visibility into emails
bypassing SEGs and hitting users' inboxes, highlighted by a 99.996%
accuracy rate on phishing threat analysis over the last year. The annual
report is a comprehensive assessment of the trends the Cofense team
observed through this data in 2022.
"The cybersecurity landscape is always evolving, so it is imperative to
stay on top of the latest trends and tactics," said Tonia Dudley, Vice
President and Chief Information Security Officer at Cofense. "As threats
increase in frequency, intensity and sophistication, the need for rapid
and actionable intelligence has never been greater. The increase in
nation-state attacks and major incidents overall continues to apply
pressure to drive visibility of an organization's security program by
boards, corporate executives and cyber insurers. With this pressure,
organizations must continue to evaluate ways to mitigate risk and assess
what email security controls need to be added or enhanced to raise
their overall security posture."
Email Security Trends Hitting Inboxes
Cofense's crowdsourced methodology provides a view into the malicious
emails that are reaching inboxes today. Based on Cofense intelligence,
the top five trends in the email security landscape highlight that
delivery methods for carrying out phishing campaigns continue to keep up
with the advancement of technology. Cofense witnessed a continued
blending of tactics to make detection and mitigation even more difficult
for organizations. The top trends for 2022 include:
-
Credential phishing is the top attack vector with a 478% increase in malicious emails identified
-
Emotet & QakBot remain the top malware families
-
Business email compromise (BEC) continues to be one of the top cybercrimes for the eighth year in a row
-
Web3 technologies used in phishing campaigns increased by 341%
-
Telegram bots as exfiltration destinations increased by 800%
Top Malware Families to Watch
In 2022, the Cofense team observed a 44% increase in malware as compared
to 2021. The report highlights the top five malware families that made
up the highest volume of phishing campaigns disseminated in 2022.
Several characteristics can make a malware family more appealing to
threat actors, such as the malware features, cost, and complexity. In
combination, these properties determine how well malware aligns with a
threat actor's agenda for a phishing campaign.
The top five malware families of 2022 include Emotet, Qakbot, Formbook,
Agent Tesla and Snake. Most notably, the continued position of Emotet at
the top of the list is a testament to its ability to out scale all
other malware-delivery campaigns, even after months of inactivity.
Additionally, QakBot continues to evolve defensive mechanisms against
malware analysis, and phishing emails delivering the malware continue to
successfully reach inboxes.
To download the 2023 Annual State of Email Security Report, visit https://cofense.com/annualreport.