Unmasking 2024’s Email Security Landscape

Pierluigi Paganini February 28, 2024

Analyzing the Email Security Landscape and exploring Emerging Threats and Trends.

In the ever-shifting digital arena, staying ahead of evolving threat trends is paramount for organizations aiming to safeguard their assets. Amidst this dynamic landscape, email stands as a primary battleground for cyber defense. VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cybercriminals this year.

Drawing from an analysis of nearly a billion malicious emails, the report sheds light on advanced threats, empowering organizations to grasp the intricacies of email-based attacks. Below, we unveil some of the key revelations unearthed in this comprehensive study.

Key Findings from the “Email Security in 2024” Report

In an exhaustive review, VIPRE processed 7.2 billion emails globally, identifying approximately 950.39 million as malicious.

Protection Achievements

The VIPRE Email Security Link Isolation feature, akin to URL sandboxing, showcased its efficacy by securing over 41.9 million links clicked by users.

Detection Breakdown

  • There was a near-even split in detection methods, with 52% caught due to content and 48% via malicious links.
  • Many of the detections were due to malicious attachments and previously unseen threats, showcasing the importance of using innovative security measures.

YARA Rules Impact

YARA rules were pivotal in detecting millions of malicious attempts, spotlighting statistical patterns and malware family indicators. The adaptability of these rules contributed to a marked increase in malware detection, particularly in the fourth quarter, emphasizing the necessity of continuous evolution in email security tactics.

Emerging Threats and Trends

The landscape of email threats continues to evolve, with VIPRE’s report shedding light on several alarming trends:

  • Deepfake and AI Exploitation: Attackers increasingly leverage deepfake technology and AI to craft more convincing phishing emails, significantly raising the stakes for email security.
  • Rise of Quishing: A notable surge in phishing attacks utilizing QR codes, or “quishing,” poses new challenges, with attackers exploiting this method for its novelty and user trust.
  • Targeted Sector Vulnerabilities: Financial Services, IT, Healthcare, Education, and Government sectors have emerged as primary targets, with attackers fine-tuning their strategies to exploit specific vulnerabilities within these industries.
  • Mobile Threats: The expansion of mobile threats highlights the growing need for security awareness among mobile users, particularly as attackers develop more sophisticated methods to compromise personal and corporate data.

Phishing: The Persistent Threat

Phishing remains a dominant tactic in the cybercriminal arsenal, with the email report providing crucial insights:

Techniques Evolve: The majority of phishing attempts (71%) rely on deceptive links, but attachments (22%) and predatory QR codes (7%) are rising phishing tactics to watch out for.

Who’s Being Spoofed?: Microsoft tops the list of spoofed entities, highlighting the importance of vigilance against seemingly reputable sources.

Link and Attachment Tactics

  • A shift in phishing methodologies is observed, with a decline in link-based phishing but a slight increase in attachment-based tactics.
  • HTML and PDF attachments emerge as common vectors, underscoring the need for enhanced scrutiny of email attachments.

These insights emphasize the critical importance of remaining alert and adopting comprehensive security measures to mitigate the risks posed by the evolving landscape of phishing threats.

Spotlight on Specific Threats

The Email Security in 2024 report illuminates several specific threats that have been particularly prominent or are on the rise:

Google Group Fake Order Scams

Cybercriminals are exploiting Google Groups to distribute fake order confirmations, tricking recipients into providing personal information under the guise of canceling a non-existent order. This scam cleverly manipulates trust and the routine nature of order confirmations to breach personal security.

Seasonal Scam Emails

The report highlights an uptick in scam emails tied to holidays, leveraging the seasonal hustle to bait users into phishing traps. These scams often use newly registered domains to evade detection, exploiting users’ lowered guard during festive periods.

.EML File Attachments

A significant rise in the use of .eml file attachments for phishing attacks has been noted. These attachments, which can easily bypass traditional security measures due to their rarity in business communication, contain malicious content that, when opened, can compromise the recipient’s security.
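A triage sketch for the attachment types discussed above (.eml, HTML and PDF), added here as an example and not taken from the VIPRE report: it walks a message with Python's standard `email` package, descends into attached .eml files whether they arrive as `message/rfc822` parts or as opaque blobs with a `.eml` filename, and lists the attachments and links found at each nesting depth. The `example.test` domains, the finding labels and `MAX_DEPTH` are assumptions made for the illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
MAX_DEPTH = 5  # assumption: stop descending into long chains of nested .eml files

def scan(msg, depth=0, out=None):
    """Collect (depth, kind, detail) findings; depth counts enclosing .eml files."""
    out = [] if out is None else out
    ctype = msg.get_content_type()
    fname = (msg.get_filename() or "").lower()
    if ctype == "message/rfc822" or fname.endswith(".eml"):
        out.append((depth, "eml-attachment", fname or "(unnamed)"))
        if depth < MAX_DEPTH:
            if msg.is_multipart():  # parser already exposed the nested message
                inner = msg.get_payload(0)
            else:  # .eml shipped as an opaque blob, e.g. application/octet-stream
                raw = msg.get_payload(decode=True) or b""
                inner = message_from_bytes(raw, policy=policy.default)
            scan(inner, depth + 1, out)
    elif msg.is_multipart():
        for part in msg.get_payload():
            scan(part, depth, out)
    else:
        if fname.endswith((".html", ".htm", ".pdf")) or ctype == "application/pdf":
            out.append((depth, "watched-attachment", fname or ctype))
        if msg.get_content_maintype() == "text":  # bodies and HTML attachments
            text = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
            out.extend((depth, "link", url) for url in URL_RE.findall(text))
    return out

def scan_raw(raw):
    """Parse raw message bytes and return the findings list."""
    return scan(message_from_bytes(raw, policy=policy.default))

def build_sample():
    """Constructed sample: one lure attached twice, as message/rfc822 and as a blob."""
    inner = EmailMessage()
    inner["Subject"] = "Order confirmation"
    inner.set_content("Cancel here: https://cancel.example.test/order")
    inner.add_attachment("<a href='https://login.example.test/'>View</a>",
                         subtype="html", filename="invoice.html")
    outer = EmailMessage()
    outer["Subject"] = "Fwd: your order"
    outer.set_content("See attached.")
    outer.add_attachment(inner, filename="order.eml")
    outer.add_attachment(inner.as_bytes(), maintype="application",
                         subtype="octet-stream", filename="copy.eml")
    return outer.as_bytes()
```

Calling `scan_raw(build_sample())` returns the findings in message order; links reported at depth 1 or deeper are the ones a scanner that inspects only the outer message body would not see.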

Malware Distribution Trends

The malware landscape has shifted, with families like AsyncRAT, Qbot, RedLine, and AgentTesla taking the lead in various quarters. These malware types, particularly targeting Windows systems, highlight the need for vigilance against attachments and links that may harbor such threats.

These highlighted threats underscore the adaptability of attackers and the critical need for advanced, proactive security measures to protect against these sophisticated tactics.

Predictions for 2024

Looking to the horizon of 2024, the Email Security in 2024 Report outlines several key predictions that underscore the evolving nature of email threats:

  • Quishing’s Continued Rise: The proliferation of QR codes in phishing (quishing) is expected to escalate, taking advantage of the QR code’s growing popularity and inherent trust among users.
  • AI’s Double-Edged Sword: The advancement in AI technologies will be a boon for cybercriminals, enhancing the sophistication of attacks. Expect AI to be used in creating highly convincing spam emails, including deepfakes and personalized phishing attempts, making it increasingly difficult to distinguish between legitimate and malicious communications.
  • The Growing Threat of Identity Theft: As attackers become more adept at infiltrating inboxes, the use of AI and machine learning to mimic communication styles poses a significant risk of identity theft and sensitive data exfiltration.
  • Escalation in Cyber Warfare: State-sponsored attacks are anticipated to intensify, with email being a critical vector for targeting critical infrastructure and spreading misinformation.
  • Diversification in Malware Delivery: A broader array of file types, including .eml, .pdf, and .ppt, will be exploited to disseminate phishing and malware, challenging traditional security defenses.

These predictions highlight the need for continuous innovation in email security solutions and practices to counteract these advancing threats, ensuring that businesses and individuals can safeguard their digital communications against the next wave of cyber attacks.

About the Author: Stefanie Shank. Having spent her career in various capacities and industries under the “high tech” umbrella, Stefanie is passionate about the trends, challenges, solutions, and stories of existing and emerging technologies. A storyteller at heart, she considers herself one of the lucky ones: someone who gets to make a living doing what she loves. Stefanie is a regular writer at Bora.
