Virtualization Technology News and Information
Cofense Quarterly Trends Report Reveals Evolving Threats in Email Security

Cofense announced the release of its Q3 2024 Phishing Intelligence Trends Review curated from the Cofense Phishing Defense Center. The report shows that Cofense detected one malicious email bypassing customers' secure email gateways (SEGs) every 45 seconds - up from every 57 seconds as reported in the 2023 annual report.   

The report also highlights the rapid rise in Remote Access Trojans (RATs) and the evolution of credential phishing techniques that exploit trusted platforms. Remcos RAT emerged as the predominant malware, leveraging methods to bypass SEGs with ease. Additionally, open redirects using popular sites like TikTok and embedded QR codes in Office documents have contributed to an impressive surge in document-based phishing attacks. 

"We continue to see threats bypassing perimeter email security defenses at an alarming rate, which is a clear indication that threat actors continue to innovate phishing campaigns faster than technology can stop them," said Josh Bartolomie, Vice President of Global Threat Services of Cofense. "It's time organizations rethink their approach to email security. Focus on solutions that combine technology and human insights, leveraging real-time threat intelligence to effectively combat emerging risks." 

Key Findings in the Q3 2024 Trends Report: 

  • Spike in RAT Use: RATs, especially the Remcos RAT, have seen a 59% increase in email share, emerging as an adaptable tool with capabilities like keylogging and credential theft. With RAT volumes increasing sevenfold since Q2, attackers are favoring these tools to bypass SEGs effectively.
  • Open Redirect Usage Increased by 627%: Techniques leveraging open redirects, like TikTok and Google AMP, surged in Q3. And TikTok[.]com became a top domain used for credential phishing, climbing from outside the top 100 to the 5th most common top-level domain (TLD).
  • Malicious Office Document Usage Rises by Nearly 600%: Malicious Office documents (most notably .docx files embedded with phishing links or QR codes) saw usage rise significantly. These attachments help attackers sidestep detection, increasing the likelihood of reaching user inboxes.
  • Changes in Data Exfiltration Tactics: Domains using the .ru and .su TLDs saw usage increase by more than 4x and 12x, respectively. This trend points to a notable shift in how data exfiltration is approached within credential phishing efforts, reflecting an adaptive use of lesser-monitored TLDs.

Emerging Threats to Watch for Q4 2024 and Beyond 

In Q4 2024, there is an anticipated rise in the use of GitHub as a means for bypassing SEGs, leveraging its credibility to avoid detection. Phishing campaigns with holiday themes are likely to increase, tapping into seasonal consumer habits. As interest rates decrease, phishing efforts aimed at US brokerage firms such as Fidelity, Vanguard, and Charles Schwab may see growth, targeting financial concerns. 

Phishing with a focus on shipping themes could also rise if disruptions from port strikes and logistics delays remain prominent. At the same time, campaigns centered around multi-factor authentication (MFA) may decrease as attackers shift to more relevant, high-impact opportunities in Q4. Organizations need to adapt proactive defenses in order to thwart these shifting threats. 

Download the full Q3 2024 Phishing Intelligence Trends Review here
Published Tuesday, November 19, 2024 2:11 PM by David Marshall