Phishing emails soar as messages bypass standard email security solutions
A new report shows that 2022 saw a 569 percent increase in malicious phishing emails and a 478 percent increase in credential phishing-related threat reports published.
The report from Cofense also looks at emails bypassing SEGs and hitting users' inboxes and highlights that delivery methods for carrying out phishing campaigns continue to keep up with the advancement of technology. Cofense has witnessed a continued blending of tactics to make detection and mitigation even more difficult for organizations.
"The cybersecurity landscape is always evolving, so it is imperative to stay on top of the latest trends and tactics," says Tonia Dudley, vice president and chief information security officer at Cofense. "As threats increase in frequency, intensity and sophistication, the need for rapid and actionable intelligence has never been greater. The increase in nation-state attacks and major incidents overall continues to apply pressure to drive visibility of an organization's security program by boards, corporate executives and cyber insurers. With this pressure, organizations must continue to evaluate ways to mitigate risk and assess what email security controls need to be added or enhanced to raise their overall security posture."
Emotet and QakBot remain the top malware families. Emotet tops the list thanks to its ability to out scale all other malware-delivery campaigns, even after months of inactivity. QakBot meanwhile continues to evolve defensive mechanisms against malware analysis so that phishing emails delivering the malware continue to successfully reach inboxes.
Business email compromise (BEC) continues to be one of the top cybercrimes for the eighth year in a row. The report also shows that the use of Web3 technologies in phishing campaigns has increased by 341 percent.
The full report is available from the Cofense site.