Escalating global cyber threats require robust, layered security measures

Research routinely exposes the rapidly changing email-based threat landscape, as malicious actors relentlessly shift tactics and seek out human and software vulnerabilities with crafty, innovative attacks.

The latest analysis of more than 1.8 billion emails in the first quarter of this year shows that the US is the largest source of spam emails, followed by Britain, Ireland and Japan. This is a change from the corresponding period in 2023, when, in addition to the US, Germany and Turkey were also the dominant sources of spam emails. Furthermore, it appears that the countries the spam originates from are also its targets. The US, UK and Canada are the top three countries most exposed to email attacks. The reasons could be socio-economic factors or simply that cybercriminals are changing course as vigilant companies keep pace with their turf-targeting schemes.

Quishing, scams and email phishing

Although we are not seeing a large volume yet, there is a growing trend of QR code phishing or Quishing. The convenience that QR codes offer users is exactly why criminals are abusing this technology and using QR codes as easy bait.

Scams are becoming increasingly popular among cybercriminals, surpassing phishing emails. The criminals know which buttons to press. The number of phishing emails masquerading as Human Resources communications and falsely claiming to relate to employee benefits, compensation or insurance within a company is steadily increasing. These emails often contain malicious attachments in .html or .pdf formats, with phishing QR codes that redirect recipients to phishing sites after scanning. Employees are falling prey as generative AI technologies allow cybercriminals to create error-free, convincing phishing emails in virtually any language of their choice.

Criminals also widely use common phrases associated with completely legitimate services to deceive: “2FA authentication is outdated”, “your email address has been quarantined”, “your password has expired”, “update your subscription details” and “here is your bank statement review”.

Oliver Paterson

Director of Product Management, Vipre.

Email phishing campaigns increasingly see criminals using malicious links in emails, followed by attachments and QR codes, to defraud end users. Attackers use links in phishing emails for URL redirection, a technique in which clicking the link opens a different web page from the one the user expected. It’s basically a bait-and-switch technique. They employ this tactic because the legitimate URL avoids detection by most email security tools and users, while on the back end the malicious link performs unscrupulous activities.

Malicious attachments are an emerging tactic that is increasingly favored by bad actors to conduct phishing attacks. There is a clear shift towards using .ics calendar invites and .rtf attachment file formats to trick recipients into opening malicious content. Users and businesses would also be wise to remain vigilant against .eml attachments. Smart threat actors send malicious payloads via .eml files because these attachments are overlooked: the phishing email they are attached to comes out clean when scanned.
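As an added illustration (not code from the article or from any vendor it mentions), the Python sketch below shows why scanning only the outer message misses an attached .eml: it descends into attached emails and reports the watched attachment types and links it finds at each nesting depth. The function names, the sample message and the `example.invalid` URL are constructed for this example.

```python
import email
import os
import re
from email import policy
from email.message import EmailMessage

# Attachment types the article names as phishing carriers.
WATCHED_EXT = {".ics", ".rtf", ".eml", ".html", ".htm", ".pdf"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def scan(msg, depth=0):
    """Return (depth, kind, value) findings; depth > 0 means inside an attached email."""
    out = []
    ctype = msg.get_content_type()
    name = (msg.get_filename() or "").lower()
    ext = os.path.splitext(name)[1]
    if ext in WATCHED_EXT or ctype == "message/rfc822":
        out.append((depth, "attachment", name or ctype))
    if ctype == "message/rfc822":
        # Attached email carried as a proper MIME message part.
        out += scan(msg.get_payload(0), depth + 1)
    elif msg.is_multipart():
        for part in msg.iter_parts():
            out += scan(part, depth)
    elif ext == ".eml":
        # .eml shipped as an opaque file: parse its bytes as a message.
        raw = msg.get_payload(decode=True)
        out += scan(email.message_from_bytes(raw, policy=policy.default), depth + 1)
    elif msg.get_content_maintype() == "text":
        out += [(depth, "url", u) for u in URL_RE.findall(msg.get_content())]
    return out

def build_sample():
    """Constructed sample: clean outer email, lure inside benefits.eml."""
    inner = EmailMessage()
    inner["Subject"] = "Your password has expired"
    inner.set_content("Renew here: https://login.example.invalid/renew")
    inner.add_attachment("BEGIN:VCALENDAR\nEND:VCALENDAR\n",
                         subtype="calendar", filename="meeting.ics")
    outer = EmailMessage()
    outer["Subject"] = "Fwd: HR benefits update"
    outer.set_content("Please see the attached message.")
    outer.add_attachment(inner.as_bytes(), maintype="application",
                         subtype="octet-stream", filename="benefits.eml")
    return email.message_from_bytes(outer.as_bytes(), policy=policy.default)

if __name__ == "__main__":
    for depth, kind, value in scan(build_sample()):
        print(f"depth={depth} {kind}: {value}")
```

Findings at depth 1 or deeper are the ones a filter that inspects only the outer message never sees.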

Brand spoofing

It’s perhaps no surprise that Microsoft is the most counterfeited brand. With four out of five Fortune 500 companies using Microsoft Office 365, this is a surefire win for scammers. That is why the attacks are increasing daily.

Brands like DocuSign, eFax and PayPal are also proving successful for threat actors. Electronic signatures have more or less become the standard mechanism for validating important documents, especially legal documents. By focusing on digital faxes and PayPal, threat actors may be capturing the less cybersecurity-savvy group.

Multiplying malspam

Malicious spam links are spreading at an alarming rate. Threat actors are increasingly using malspam, possibly encouraged by the success of password-targeted phishing emails that leverage links. Many opt for malicious links in malspam emails instead of attachments. Malware is also increasingly hidden in cloud storage platforms such as Google Drive.

And after the international dismantling of the Qakbot malware – no rest for the wicked! – Pikabot has become the largest malware family, with most attacks targeting users in Britain and Norway.

What should companies do in this email threat landscape?

Faced with this increasing barrage of email-based cyber threats, companies can no longer rely on outdated or siloed security measures. A multi-layered approach to security is needed, from secure email and endpoint protection to threat intelligence and ongoing user awareness and security training initiatives.

Today, Microsoft is the standard technology environment for enterprises. Microsoft Office has cemented itself as the industry standard in the business world. This ubiquity has made Microsoft an easy target for criminals. Strengthening email security is an absolute necessity. Of course, Microsoft offers basic security, but the platform has some inherent limitations that make layering on advanced protection against email threats critical.

Link isolation is one such technique that is critical to protect against unknown zero-day threats. It disables malicious URLs in emails and associated web pages. To check for malicious attachments, sandboxing is a necessity. This technique isolates the suspicious file in a ‘sandbox’ – that is, a virtual machine in the cloud – allowing the security team to investigate the potential threat, understand the attack pattern and gain deep insight into the incident, so that it can pinpoint a security vulnerability and anticipate a breach. This kind of live, real-time monitoring and intelligence is essential in today’s environment where criminals relentlessly seek to exploit human and software errors.

These techniques provide a true zero-trust approach to email security by ensuring every link is scanned dynamically and quickly to keep the business secure.

Finally, a layered approach to security requires the adoption of the best third-party services. No single solution or platform can fully provide all security capabilities. Microsoft is a good example. The company offers everything from productivity suites and operating systems to cloud platforms and developer tools. Of course, there is security embedded in these solutions, but Microsoft is not a specialized security provider, and certainly not a specialized email security provider, even though Outlook is now the default tool for managing email messages, calendars, contacts and more.


This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
