Cofense announced the release of
its Q3 2024 Phishing Intelligence Trends Review curated from the Cofense
Phishing Defense Center. The report shows that Cofense detected one malicious
email bypassing customers' secure email gateways (SEGs) every 45 seconds - up
from every 57 seconds as reported in the 2023 annual report.
The report also highlights the rapid rise in Remote Access Trojans (RATs) and the
evolution of credential phishing techniques that exploit trusted platforms.
Remcos RAT emerged as the predominant malware, leveraging methods to bypass
SEGs with ease. Additionally, open redirects using popular sites like TikTok
and embedded QR codes in Office documents have contributed to an impressive
surge in document-based phishing attacks.
"We continue to see threats bypassing perimeter email security defenses at an
alarming rate, which is a clear indication that threat actors continue to
innovate phishing campaigns faster than technology can stop them," said Josh
Bartolomie, Vice President of Global Threat Services of Cofense. "It's time
organizations rethink their approach to email security. Focus on solutions that
combine technology and human insights, leveraging real-time threat intelligence
to effectively combat emerging risks."
Key Findings in the Q3 2024 Trends Report:
- Spike in RAT Use: RATs, especially the Remcos RAT, have seen a 59% increase in email share, emerging as an adaptable tool with capabilities like keylogging and credential theft. With RAT volumes increasing sevenfold since Q2, attackers are favoring these tools to bypass SEGs effectively.
- Open Redirect Usage Increased by 627%: Techniques leveraging open redirects, like TikTok and Google AMP, surged in Q3. And TikTok[.]com became a top domain used for credential phishing, climbing from outside the top 100 to the 5th most common top-level domain (TLD).
- Malicious Office Document Usage Rises by Nearly 600%: Malicious Office documents, most notably .docx files embedded with phishing links or QR codes, saw usage rise significantly. These attachments help attackers sidestep detection, increasing the likelihood of reaching user inboxes.
- Changes in Data Exfiltration Tactics: Domains using the .ru and .su TLDs saw usage increase by more than 4x and 12x, respectively. This trend points to a notable shift in how data exfiltration is approached within credential phishing efforts, reflecting an adaptive use of lesser-monitored TLDs.
Emerging Threats to Watch for Q4 2024 and Beyond
In Q4 2024, there is an anticipated rise in the use of GitHub as a means for
bypassing SEGs, leveraging its credibility to avoid detection. Phishing
campaigns with holiday themes are likely to increase, tapping into seasonal consumer
habits. As interest rates decrease, phishing efforts aimed at US brokerage
firms such as Fidelity, Vanguard, and Charles Schwab may see growth, targeting
financial concerns.
Phishing with a focus on shipping themes could also rise if disruptions from port
strikes and logistics delays remain prominent. At the same time, campaigns
centered around multi-factor authentication (MFA) may decrease as attackers
shift to more relevant, high-impact opportunities in Q4. Organizations need to
adapt proactive defenses in order to thwart these shifting threats.