Latest VIPRE Security Group Email Threat Trends Research Exposes Global Phishing and Malware Threat Landscape

The US, UK, Ireland, and Japan emerge as the main source of spam; manufacturing, government, and IT sectors are most victimized; Pikabot top malware family 

LONDON, May 9, 2024 /PRNewswire/ -- VIPRE Security Group, a global leader and award-winning cybersecurity, privacy, and data protection company, today released its Q1 2024 Email Threat Trends report, based on an analysis of 1.8 billion emails. The findings reveal the evolving landscape of email-based threats and emerging tactics malicious actors are employing.

The US, UK, Ireland, and Japan top the spam sources list
The report identifies the US as the top source of spam emails globally, followed by the U.K., Ireland, and Japan. The US, UK, and Canada are the top three countries most subjected to email-based attacks.

Attackers aim at the manufacturing sector
The manufacturing, government, and IT sectors are the most victimized by malicious actors. In Q1 2024, the manufacturing sector suffered 43% of email-based attacks, with the government (15%) and IT (11%) trailing well behind. This is a change from Q1 2023, when attackers targeted the financial (25%), healthcare (22%), and education (15%) sectors most often.

Scams surpassing phishing 
This research warns that 'scams' within the spam category are growing in popularity among cybercriminals, overtaking phishing emails in the first quarter of 2024.

There's been a notable increase in phishing emails masquerading as communications from Human Resources, falsely claiming to relate to employee benefits, compensation, or insurance within a company. These emails contain malicious attachments in .html or .pdf formats, featuring phishing QR codes that redirect recipients to phishing sites upon scanning.

New phishing trends and techniques
In email phishing campaigns, 75% of emails leverage links, 24% favor attachments, and 1% use QR codes. Attackers are employing links in phishing emails for URL redirection (54%), compromised websites (22%), and newly created domains (15%).

Emerging tactics employed by cybercriminals to execute phishing attacks include the use of .ics calendar invite and .rtf attachment file formats to trick recipients into opening malicious content.

Malspam links and top malware family
Encouraged by the success of password-oriented phishing emails that use links, cybercriminals are opting for malicious links in malspam emails instead of attachments. Malware is increasingly being hidden in cloud storage platforms such as Google Drive. The use of malware-based emails employing attachments has increased to 22% in Q1 2024, from only 3% in Q1 2023.

Due to the void left by the dismantled Qakbot malware, Pikabot has emerged as the top malware family, with IceID a distant second.

Exploiting software vulnerabilities
Criminals are exploiting a web application vulnerability, most notably Reflected Cross-Site Scripting (XSS), focusing on the tag attribute "href", to circumvent detection by using a variety of tactics such as images as the entire email content, encoding URLs, and directing the victim through multiple URLs.

Malicious actors are also finding success with thread hijacking of NTLM (NT LAN Manager), a security protocol used by Microsoft Windows operating systems for authentication. By hijacking the authentication thread, attackers extract NTLM challenge-response hashes from legitimate SMB (Server Message Block) sessions, to enable them to impersonate authenticated users and gain unauthorized access.

"Criminals are using email with success to scam, infiltrate networks, and unleash malicious payloads," warns Usman Choudhary, Chief Product and Technology Officer, VIPRE Security Group. "We're witnessing bad actors relentlessly exploiting human vulnerabilities and software flaws, circumventing email gateways and security measures with alarming precision. Robust email and endpoint defenses, coupled with a vigilant human frontline, remain our strongest defense against these unyielding attacks."

To read the full report, click here: VIPRE's Email Threat Trends Report: Q1 2024.

VIPRE leverages its unique understanding of email security to equip organizations with the information they need to protect themselves. This report is based on proprietary intelligence gleaned from round-the-clock vigilance of the cybersecurity landscape.

About VIPRE Security Group
VIPRE Security Group, part of Ziff Davis, Inc., is a leading provider of internet security solutions purpose-built to protect businesses, solution providers, and home users from costly and malicious cyber threats. With over 25 years of industry expertise, VIPRE is one of the world's largest threat intelligence clouds, delivering exceptional protection against today's most aggressive online threats. Our award-winning software portfolio includes next-generation antivirus endpoint cloud solutions, advanced email security products, along with threat intelligence for real-time malware analysis, and security awareness training for compliance and risk management. VIPRE solutions deliver easy-to-use, comprehensive layered defense through cloud-based and server security, with mobile interfaces that enable instant threat response. VIPRE is a proud Advanced Technology Partner of Amazon Web Services operating globally across North America and Europe.

The group operates under various brands, including VIPRE®, StrongVPN®, IPVanish®, Inspired eLearning®, Livedrive®, and SugarSync®. www.VIPRE.com

SOURCE VIPRE Security Group