In the ever-evolving cybersecurity landscape, staying informed about the latest email threat trends is crucial to protect individuals and organizations. The Q2 Email Threat Trends Report presents a comprehensive analysis of the second quarter’s email security outlook, drawing insights from nearly 1.8 billion emails processed and over 230 million malicious ones detected.
The quarterly bulletin inside the report, sheds light on emerging risks, from phishing techniques and malware families to the rise of QR code-based attacks. It emphasizes the need for advanced email security solutions. Read on to learn more about the ever-increasing threat of cyberattacks.
Q2 Email Threat Trends Overview
The Q2 Email Threat Trends Report highlights the distribution of email threats, revealing that content-based detection accounted for approximately 58% (~130 million) of malicious emails, while link-based detection flagged 42% (~95.7 million). Additionally, behavioral-driven monitoring identified 90,000 malicious attachments, showcasing the necessity for more robust protection against the new generation of sophisticated threats.
Addressing this challenge head-on, the report introduces Link Isolation technology, an innovative solution that identified nearly 10 million malicious links. This advanced approach ensures protection against zero-day vulnerabilities through sandboxing and behavior analysis, offering an essential shield against previously undiscoverable threats.
Who is Being Attacked
The report also reveals a notable shift in the targets of email-based attacks compared to the previous quarter. While financial institutions dominated the list in Q1, the spotlight turned to Information Technology (IT) organizations in Q2. These entities received the highest number of phishing emails. Government agencies and educational institutions followed closely, experiencing 21% and 11% of phishing attempts, respectively.
Notably, the finance and healthcare sectors, which faced significant attacks in the earlier quarter, observed a decline in targeting. This could be due to their bolstered security measures following previous attacks. On the other hand, IT organizations became a prime target due to their vast employee base, known cybersecurity defenses, and a lack of investment in security within government agencies.
As cyber criminals adapt their strategies, organizations across various sectors must remain vigilant and fortify their email security defenses to counter the changing threat landscape effectively. The subsequent section will delve into the tactics used by threat actors to carry out these attacks successfully.
How They Are Being Attacked
The report reveals that social engineering remains the preferred tactic among threat actors, with 85% of phishing emails utilizing malicious links embedded in the content. Common phishing phrases include urgent requests for password changes and account verification. Cybercriminals often impersonate well-known brands, with Microsoft being the most frequently spoofed, followed by Apple, DocuSign, and Norwegian institution SpareBank, amongst others.
Top-Level Domains (TLDs) like “.com” dominated the landscape, but an increase in “.es” and “.edu” TLDs was observed in Q2, possibly due to end-of-school-year activities. URL redirection and other techniques are also used to conceal phishing links.
Organizations must be aware of emerging phishing trends and bolster their email security to stay protected. The subsequent section will focus on the rapid rise of Business Email Compromise (BEC) attacks.
BEC Triples in 3 Months
The Q2 Email Threat Trends Report highlights a significant surge in Business Email Compromise (BEC) attacks, with instances tripling within just three months. The FBI Internet Crime Report supports this finding, revealing that BEC losses are an alarming 78 times higher than ransomware attacks. Threat actors employ BEC scams to trick targets into transferring money, often posing as high-level executives or trusted partners.
Commonly used phrases in BEC emails include “Complete an assignment for me,” “Swift email response,” and “Confidential.” Threat actors frequently spoof senders from free email services like the Gmail, Outlook, and Yahoo domains. As BEC attacks continue to evolve, organizations must prioritize cybersecurity awareness and implement stringent measures to safeguard against financial loss.
More Spam, Overall
The report’s findings indicate a 30% increase in spam emails compared to the previous quarter. Out of 12,615 email samples analyzed, 92% were classified as spam emails. April witnessed the highest spam activity, likely attributed to the end of the 2022 tax year, when cybercriminals exploited a sense of urgency.
The United States accounts for most spam, followed by Denmark, Ireland, and China. Interestingly, Germany and Turkey were top spam originators last year and did not make it to the top-three list this quarter. As spam attacks become more pervasive, robust email security solutions are essential to prevent users from falling victim to phishing attempts and malicious content.
Malicious Attachments and Macro-less Attacks
Malicious attachments remain a prominent method for delivering malware. The most commonly used phishing attachment in Q2 was the .HTML/HTM file, comprising 62% of file attachments. However, this marked a decrease compared to the previous quarter.
PDF files accounted for 30% of attachments, followed by .EML (7%) and .ZIP (1%) files. Threat actors often use filenames related to “invoice” and “remittance” to deceive victims into opening malicious attachments.
Additionally, the report identifies a concerning trend of macro-less malspam attacks. These campaigns exploit vulnerabilities like the Follina vulnerability (CVE-2022-30190) to execute PowerShell scripts, leading to the download of sophisticated Remote Access Trojans (RATs) like XWorm malware.
As email-based attacks evolve, organizations must equip themselves with robust email security solutions and promote cybersecurity awareness to combat emerging threats effectively.
