Routinely, research exposes the rapidly changing landscape of email-based threats, and the innovative tactics as malicious actors relentlessly shift tactics, probing for vulnerabilities of humans and software with cunning, innovative attacks.
The latest analysis of over 1.8 billion emails in Q1 of this year reveals that the US is the top source of spam emails, followed by the U.K., Ireland, and Japan. This is a change from the corresponding period in 2023 when aside from the US, Germany and Turkey were the dominant sources of spam emails. Furthermore, it appears that the countries sourcing the spam are also the same as their targets. The US, UK, and Canada are the top three countries most subjected to email-based attacks. The reasons could be socioeconomic factors or merely that cybercriminals are changing tack as vigilant enterprises keep pace with their territory-centric tricks.
Quishing, scams, and email phishing
Whilst as yet, we are not seeing a large volume, there is a growing trend of QR code phishing or Quishing. The convenience that QR codes offer users is the very reason criminals are exploiting this technology, using QR codes as easy bait.
Scams are growing in popularity among cybercriminals, overtaking phishing emails. The criminals know which buttons to press. Phishing emails masquerading as communications from Human Resources, falsely claiming to relate to employee benefits, compensation, or insurance within a company are steadily increasing. Often, these emails contain malicious attachments in .html or .pdf formats, featuring phishing QR codes that redirect recipients to phishing sites upon scanning. Employees fall prey as generative AI technologies enable cybercriminals to craft error-free, convincing phishing emails in practically any language of their choosing.
Also, criminals are using common phrases that are perfectly legitimate services to trick – “2FA authentication is outdated”, “your email is quarantined”, “your password has expired”, “update your subscription details”, and “here’s your statement of account review” – are being widely used to deceive.
Director of Product Management, Vipre.
New phishing trends
In email phishing campaigns, criminals are increasingly using malicious links in emails, followed by attachments, and QR codes to fraud end users. Attackers are employing links in phishing emails for URL redirection, a technique that opens a different web page when the desired web page is clicked. It’s effectively a bait-and-switch technique. They deploy this tactic because the legitimate URL avoids detection by most email security tools and users, while at the back end, the malicious link carries out unscrupulous activity.
Malicious attachments are an emerging tactic that are gaining favour with bad actors to perform phishing attacks. There is a marked shift towards the use of .ics calendar invite and .rtf attachment file formats to mislead recipients into opening malicious content. Users and enterprises will do well to stay vigilant to .eml attachments too. Savvy threat actors are sending malicious payloads via .eml files because they get overlooked when attached to phishing emails, as the emails come out clean.
Brand spoofing
It’s perhaps no surprise that Microsoft is the most spoofed brand. With four out of five Fortune 500 companies using Microsoft Office 365, it is a surefire win for scammers, which is why attacks are increasing daily.
Brands such as DocuSign, eFax, and PayPal are also proving successful for threat actors. e-signatures have more or less become the default mechanism for validating important documents, especially legal ones. By targeting digital faxes and PayPal, they possibly are catching the less cybersecurity-savvy crowd.
Proliferating malspam
Malicious spam links are proliferating at an alarming rate. Threat actors are increasingly using malspam, conceivably encouraged by the success of password-oriented phishing emails that use links. Many are opting for malicious links in malspam emails instead of attachments. Malware is increasingly being hidden in cloud storage platforms such as Google Drive too.
And following the international dismantling of the Qakbot malware – no rest for the wicked! – Pikabot has emerged as the top malware family, with most of its attacks focused on users in the UK and Norway.
Against this email threat landscape, what must enterprises do?
In the face of this intensifying barrage of email-based cyber threats, enterprises can no longer rely on outdated or isolated security measures. A multi-layered approach to security is needed – from secure email and endpoint protection through to threat intelligence and continuous user awareness and security training initiatives.
Today, Microsoft is the default technological environment for enterprises. Microsoft Office has entrenched itself as the industry standard across the corporate world. This ubiquity has made Microsoft an easy target for criminals. Bolstering email security is an imperative. Of course, Microsoft offers standard security, but the platform has some inherent limitations making layering on advanced email threat protection vital.
Link Isolation is one such technique that is critical to protect against unknown zero-day threats. It renders malicious URLs in emails and their associated web pages harmless. To check for malicious attachments, sandboxing capability is a necessity. This technique isolates the suspicious file in a ‘sandbox’ – i.e., a virtual machine in the cloud – allowing the security team to investigate the potential threat, understand the attack pattern, and gain deep insight into the incident, to pre-empt a security breach. This kind of live, real-time monitoring and intelligence is essential in today’s environment where criminals are relentlessly in pursuit of exploiting human and software flaws.
These techniques ensure a true zero-trust approach to email security by ensuring that every link is scanned dynamically and quickly to help keep the enterprise safe.
Finally, a layered approach to security requires the adoption of best-in-class third-party services. No single solution or platform can comprehensively provide all the security capabilities. Microsoft is a good example. The company offers everything from productivity suites and operating systems to cloud platforms and developer tools. Of course, there is security embedded in these solutions, but Microsoft is not a specialist security provider, and definitely not a specialist email security provider even though Outlook is today the default tool for managing email messages, calendars, contacts, and more.
We list the best email hosting services.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
