SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Cofense report: Sophisticated email threats on the rise

Thu, 21st Nov 2024

Cofense has released its Q3 2024 Phishing Intelligence Trends Review, highlighting increasingly sophisticated threats in email security.

The report reveals a notable rise in the frequency of malicious emails bypassing Secure Email Gateways (SEGs), with Cofense detecting at least one such email every 45 seconds, a significant increase from one every 57 seconds reported last year.

Remote Access Trojans (RATs), particularly the Remcos RAT, have shown a marked increase in prevalence, with a 59% rise in email share. These Trojans are seen as adaptable tools, often employed for keylogging and credential theft, and are effective in bypassing SEGs.

Open redirect techniques have surged by 627% during the third quarter, with platforms like TikTok and Google AMP being commonly utilised in these types of attacks. TikTok[.]com has ascended in the ranks to become the 5th most used domain for credential phishing, a significant jump from previous quarters.

The use of malicious Office documents, especially .docx files embedded with phishing links or QR codes, has climbed by nearly 600%. These document-based phishing attacks are particularly successful at evading detection, facilitating their entry into user inboxes.

Data exfiltration tactics have also evolved, with usage of domains under the .ru and .su top-level domains rising by more than fourfold and twelvefold, respectively. This points to a strategic shift in data exfiltration efforts, exploiting lesser-monitored domains.

Josh Bartolomie, Vice President of Global Threat Services at Cofense, commented on the findings, "We continue to see threats bypassing perimeter email security defenses at an alarming rate, which is a clear indication that threat actors continue to innovate phishing campaigns faster than technology can stop them. It's time organizations rethink their approach to email security. Focus on solutions that combine technology and human insights, leveraging real-time threat intelligence to effectively combat emerging risks."

Looking ahead to Q4 2024, the report anticipates an increase in phishing campaigns using GitHub to bypass SEGs, tapping into the platform's credibility to evade detection. Additionally, phishing campaigns themed around holidays may rise, capitalising on seasonal consumer behaviour.

There is also an expectation for increased phishing activities targeting US brokerage firms such as Fidelity, Vanguard, and Charles Schwab, driven by potential changes in interest rates. Shipping-themed phishing could see a surge if ongoing logistics disruptions persist, while the focus on multi-factor authentication (MFA) in phishing attacks may decline as attackers pursue other high-impact opportunities.

The report underscores the necessity for organisations to adapt their defences proactively to meet these evolving threats. This includes integrating solutions combining both technological and human intelligence to effectively counter phishing risks identified in the report.
