email-based threats email security phishing ransomware

Challenging Times Remain Among the Ever-Evolving Email Landscape

Criminals are successfully using email to scam, infiltrate networks, and unleash malicious payloads. We’re continuing to witness bad actors relentlessly exploit human vulnerabilities and software flaws, circumventing email gateways and security measures with alarming precision.

Robust email and endpoint defenses and a vigilant human frontline remain our most potent defenses against these unyielding attacks. In the digital world, the battlefield is vast and varied, and email has emerged as a favored weapon of choice for cybercriminals.

Recently, my organization released the results of its latest quarterly email threat report, which comprehensively analyzes the current state of email-based threats. The insights gained remain vital to addressing emerging tactics and trends of attack and provide possible strategies for those seeking to bolster their cybersecurity measures.

Ultimately, every organization is a potential target, so we must continue to leverage knowledge, data, and insights to bolster defenses and protect digital assets.

First, however, some perspective.

Geographical Hotspots and Targeted Sectors

The report identifies the US, UK, Ireland, and Japan as the top sources of spam emails globally. This data is significant as it highlights the geographical hotspots of cyber threats. On the receiving end, the US, UK, and Canada are the most targeted countries. This geographical data is crucial for organizations to understand the global threat landscape and devise effective defense strategies.

In terms of sectors, the manufacturing industry has emerged as the prime target, accounting for 43% of email-based attacks in Q1 2024. This is a significant shift from Q1 2023, where the primary targets were the financial, healthcare, and education sectors. This shift underscores the evolving nature of cyber threats and the need for industries to stay vigilant and adaptive.

But why manufacturing? Money. Manufacturers often pay when attacked because even minor incursions can have huge repercussions.

“The larger the constituency affected by a ransomware attack, the more likely a victim pays ransoms,” IndustryWeek notes. “In manufacturing, a successful attack may cause tremendous and cascading amounts of damage if it targets critical plant equipment. Supply chain fragility creates long-reaching ripple effects when cyberattacks succeed on these targets. Taking a few production lines down for even a few days could seriously affect meeting production and distribution targets.”

Emerging Threats and Tactics

‘Scams’ within the spam category are growing in popularity among cybercriminals, surpassing phishing emails in Q1 2024. This trend indicates a shift in cybercriminal tactics, with scammers becoming more innovative and deceptive.

There’s been a notable increase in phishing emails masquerading as communications from Human Resources. These emails falsely claim to relate to company employee benefits, compensation, or insurance. They often contain malicious attachments in .html or .pdf formats, featuring phishing QR codes that redirect recipients to phishing sites upon scanning.

In email phishing campaigns, 75% of emails leverage links, 24% favor attachments, and 1% use QR codes. Cybercriminals employ links in phishing emails to point to redirected URLs, compromised websites, and newly created domains—all of which are hard to detect without advanced real-time scanning techniques. Emerging tactics include using .ics calendar invites and .rtf attachment file formats to trick recipients into opening malicious content.

Malware Trends

Encouraged by the success of password-oriented phishing emails that use links, cybercriminals are opting for malicious links instead of attachments in malspam emails. Malware is increasingly being hidden in cloud storage platforms, such as Google Drive.

With the dismantling of the Qakbot malware, Pikabot has emerged as the top malware family, with IceID a distant second. This development highlights the dynamic nature of malware threats and the constant need for updated defenses.

Cybercriminals also exploit web application vulnerabilities, most notably Reflected Cross-Site Scripting (XSS), to circumvent detection. They have also succeeded in hijacking threads of NTLM (NT LAN Manager), a security protocol used by Microsoft Windows operating systems for authentication.

Primary takeaways

Email, despite its predicted and overly exaggerated demise, remains a primary weapon for cybercriminals because of its ability to exploit human vulnerabilities and software flaws. Robust defenses are crucial. Likewise, cybercriminals are becoming more innovative, with scams surpassing phishing emails in popularity. New tactics include phishing emails posing as HR communications and using .html, .pdf, .ics, and .rtf file formats to deliver malicious content.

The use of malicious links in emails is also rising, with malware often hidden in cloud storage platforms. The emergence of new malware families like Pikabot and IceID highlights the dynamic nature of these threats.

What to do next

Being aware of the threat landscape and the challenges it faces is half the solution to solving its problems. Then, take action. Strengthen email security and implement advanced email filtering and endpoint protection solutions to detect and block phishing and scam attempts. And don’t forget the user.

Enhance user awareness by conducting regular cybersecurity training for employees to recognize and report suspicious emails, particularly those mimicking HR communications or containing unusual file formats.

Additionally, stay updated on the latest threat intelligence reports and adapt security strategies accordingly; pay special attention to emerging malware families and new phishing tactics, such as the findings generated by the quarterly VIPRE Security Email Threat Landscape Report.

Finally, focus on vulnerability management and regularly update and patch software to protect against known vulnerabilities, particularly those exploited in recent attacks like Reflected XSS and NTLM thread hijacking. Industries like manufacturing and healthcare should develop tailored cybersecurity plans, considering their increased risk and the potential impact of attacks on operations and supply chains, or consider bringing a partner into the fold to address any shortcomings.

By following these steps, organizations can better protect themselves against the ever-evolving landscape of email-based cyber threats.


In conclusion, the evolving landscape of email-based threats demands constant vigilance and adaptation. Cybercriminals are becoming increasingly sophisticated, leveraging new tactics and exploiting vulnerabilities with alarming precision. As highlighted in our latest quarterly email threat report, every organization, regardless of size or industry, is a potential target.

To combat these threats effectively, organizations must prioritize strengthening their email and endpoint security measures. This includes implementing advanced email filtering solutions, conducting regular cybersecurity awareness training for employees, and staying informed about the latest threat intelligence. Additionally, a proactive approach to vulnerability management and tailored cybersecurity strategies for high-risk sectors like manufacturing and healthcare are essential.

Organizations can better protect their digital assets and maintain resilience against the relentless tide of cyber threats by continuously updating defenses and leveraging insights from threat reports. The battle against cybercrime is ongoing, but with robust defenses and a vigilant human frontline, we can significantly reduce the risk and impact of email-based attacks.

Scroll to Top