Malicious email attacks that tap ransomware and banking Trojans soared in the third quarter of 2017, while social engineering and targeting techniques grew more sophisticated, according to security firm Proofpoint’s Quarterly Threat Report, published Thursday.
Malicious email volume increased 85% from Q2, the report found. This was largely driven by an explosion of email with malicious URLs linking to hosted malware–the volume of which rose 600% from Q2, and more than 2,200% from 2016. This represents the highest proportion of malicious URL messages compared to attachment-based email attacks since 2014.
Ransomware appeared in some 64% of all malicious email, the report found. Locky remained the top payload in terms of ransomware and across all malware families, though new ransomware variants appeared each day. Strains known as Philadelphia and GlobeImposter also grew from small, regionally-focused variants into global threats, thanks to a few high-volume campaigns by a single attacker, according to the report.
SEE: Information security incident reporting policy (Tech Pro Research)
Meanwhile, banking Trojans accounted for 24% of all malicious emails. The Trick accounted for 70% of banking Trojan payloads, surpassing Dridex for the top spot.
Email fraud was also on the rise in Q3, up 29% over the previous quarter. Companies also saw increased attack frequency, with 12% more email fraud attempts per targeted organization than Q2.
While exploit kits declined in 2016, criminals that are still using them have now layered social engineering tools into these campaigns, Proofpoint found. This suggests that hackers are looking beyond the exploits alone, as they become harder to find and obtain, the report noted.
Fraudulent support accounts also doubled from Q3 2016, as threat actors continue to tap social engineering to lure in victims. The number of fake customer support accounts used for “angler phishing” grew 5% over Q2, while the volume of phishing links on branded social media channels rose 10%.
The rise of suspicious, look-alike domain registrations was also notable in Q3, the report found. These suspicious domains are often used for typosquatting and spoofing, and usually arise tied to a major event related to the brand, such as a new product launch. Defensive registration of brand-owned domains fell 20% from the year before, while suspicious domain registrations grew 20% in the same period.
Proofpoint offers the following four tips to keep your business safe:
1. Combat typosquatting on the web
Defensive domain registration is an easy, cost-effective way to prevent attackers from creating look-alike domains for email fraud and credential phishing, the report noted. IT should work with business leaders to create a list of potential look-alike domains to register, and include conference and marketing campaign website as well.
2. Deploy email authentication to stop domain spoofing techniques used in email fraud
By employing protocols such as DMARC (Domain-based Message Authentication, Reporting & Conformance), companies can prevent criminals from tapping their email domain.
3. Protect your users from email attacks of all types
Email attacks can take the form of malware attachments, malicious URLs, or socially engineered fraud. Any solution in place should address all of those potential vectors.
4. Protect your brand from impostors on social media
Some security solutions can alert your company to fake, look-alike social media accounts–particularly those offering fraudulent customer support services–and work to take them down.
Want to use this data in your next business presentation? Feel free to copy and paste these top takeaways into your next slideshow.
- Malicious email volume increased 85% from Q2 to Q3 2017. -Proofpoint, 2017
- Ransomware appeared in 64% of all malicious emails sent in Q3 2017, with Locky deployed most often. -Proofpoint, 2017
- Email fraud rose 29% from Q2 to Q3 2017. -Proofpoint, 2017