Email threats continue to rise

Threats from different types of phishing are still on the rise. The same applies to the risks that companies are exposed to through compromised e-mails. According to Check Point’s 2023 Cybersecurity Report, 83 percent of cyberattacks originate from email, with other statistics suggesting even higher numbers.

According to a survey by Statista, the majority of companies expect cyber crime to increase significantly in 2023. German companies as well as companies worldwide express these fears.

Current statistics on cyber threat situation worrying

The security specialist VIPRE Security Group has collected statistics and analyzed the email threats in the first half of 2023. The study shows that the danger of cyber attacks is increasing on several levels and that companies should focus on protecting their users from phishing, because this is exactly where the dangers lurk.

The current figures for the second quarter complement the information from the previous ones, especially with regard to the development of cyber attacks and their focus. The data collected shows that not only is the number of attacks increasing, but the impact is also becoming more drastic, not least due to ransomware attacks. According to a report by global insurer Hiscox, one in five companies that fall victim to a cyber attack is even on the brink of bankruptcy.

VIPRE security solutions scanned nearly 1.8 billion emails in Q2 2023. Of these, more than 230 million emails contained viruses and ransomware. This means that in almost 13 percent of all emails there is a slumbering risk of ransomware paralyzing the company’s entire infrastructure. Spam emails are not included in these figures.

In Q1, financial services and institutions (25%) remain among the most targeted industries, closely followed by healthcare (22%) and education (15%). Financial institutions and educational institutions are equally attractive targets for cybercriminals because both handle enormous amounts of sensitive data. Maintaining business continuity is all the more urgent in healthcare. This makes the industry a popular target for ransomware attacks as it increases the likelihood of a ransom being paid. Companies that have a lot to do with IT technology are among the sectors most at risk in the second quarter of 2023, accounting for almost a third of all phishing/spam emails. This is followed by authorities and educational institutions with over 20 percent. However, all other sectors are also under attack. They each account for around 10 percent of all phishing emails.

Spam and phishing emails often use compromised Office documents: Patch installation urgently required

In most cases (85 percent) phishing emails contain links that should be clicked on, in 15 percent of the cases files are attached. HTML files are the most common attachments at just over 60 percent, followed by PDF, EML and ZIP files. Increasingly, however, compromised Office documents are also being used to send spam/phishing e-mails. In the case of spam mails in particular, this accounts for almost a third of all file attachments.

They contain malicious code that enables the intrusion of ransomware or other malware onto the affected computers. This often exploits vulnerabilities that companies have not closed in locally installed Office and Windows installations.

Such vulnerabilities were closed by Microsoft on patch day in July 2023, for example, but administrators must install the updates on the systems and take protective measures. The current vulnerability CVE-2023-36884 is particularly serious. It affects all Windows and Office versions up to Windows 11 22H2 and Windows Server 2022. The vulnerability enables remote code execution on the computers. Attacks are already taking place via compromised Office documents that inject malicious code onto Windows computers.

Attackers are also increasingly using QR codes. When users scan the fake codes, they are redirected to phishing sites. If you enter your user data there, cybercriminals can use it for further attacks.

The number of phishing emails has tripled!

In about half of fraudulent emails, users are tricked into transferring money to the attackers or disclosing sensitive data. In addition, the e-mail gives the impression of coming from a colleague or superior. Thanks to modern AI technologies, these e-mails are very professionally designed and quickly tempt even experienced users to pass on information. These attacks even go so far that deep fakes are used to falsify phone calls and take over entire video conferences in order to obtain the user’s access data.

According to VIPRE surveys, the number of fake emails tripled in the second quarter of 2023. Attackers try to get direct access to the money or data of users and companies in an equally intrusive and sophisticated way. This data is used for registrations or further cyber attacks.

Macro-less malware attacks are on the rise

In the past, malware embedded in Office documents was smuggled onto systems primarily via insecure macro settings in Office programs. Here, too, cybercriminals have adapted and modernized the systems. Ransomware and other malware primarily target operating system and Office vulnerabilities to compromise systems.

For example, specially crafted Microsoft Office documents reference a malicious external resource, an HTML page that the Office program calls when the victim opens the malware-infected file. The HTML page contains JavaScript code that calls ms-msdt, the MSDT URI protocol handler, and runs PowerShell scripts. The script then downloads more malicious code. This could be XWorm malware. XWorm is a sophisticated remote-access Trojan that exhibits ransomware-like behavior, enabling data theft, surveillance, and DDoS attacks, among others.
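A mail gateway or triage script can look for the external reference described above before a document reaches a user. The following is an added example, not code from VIPRE or the article; the set of relationship types treated as auto-loaded, the size limit and the sample document are assumptions made for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_TAG = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
# Relationship types that Office resolves automatically when a file is opened.
AUTO_LOADED = {"oleObject", "attachedTemplate", "frame"}
# The handler is normally invoked from the remote HTML page; a literal
# ms-msdt: URI inside the package itself is still worth flagging.
MSDT_URI = re.compile(rb"ms-msdt:", re.IGNORECASE)
MAX_PART = 5 * 1024 * 1024  # skip oversized parts (zip-bomb guard)


def scan_ooxml(data: bytes) -> list:
    """Return (part, issue, target) tuples for a .docx/.xlsx/.pptx byte string."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.file_size > MAX_PART:
                findings.append((info.filename, "oversized part skipped", ""))
                continue
            raw = zf.read(info)
            if MSDT_URI.search(raw):
                findings.append((info.filename, "ms-msdt URI", ""))
            if not info.filename.endswith(".rels"):
                continue
            try:
                # stdlib parser keeps the example dependency-free; for hostile
                # input in production a hardened parser such as defusedxml is safer.
                root = ET.fromstring(raw)
            except ET.ParseError:
                findings.append((info.filename, "unparseable .rels", ""))
                continue
            for rel in root.iter(REL_TAG):
                kind = rel.get("Type", "").rsplit("/", 1)[-1]
                if rel.get("TargetMode", "").lower() == "external" and kind in AUTO_LOADED:
                    findings.append((info.filename, "external " + kind, rel.get("Target", "")))
    return findings


def build_sample(rel_type: str, target: str) -> bytes:
    """Constructed test document: a zip holding only a relationships part."""
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/'
            '2006/relationships/%s" Target="%s" TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels % (rel_type, target))
    return buf.getvalue()
```

Ordinary hyperlinks are also stored as external relationships, so the scanner deliberately ignores them and reports only types that Office fetches without a click.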

Phishing and spam mails more professional and therefore more dangerous

In many cases, fraudulent e-mails are structured very professionally. Among other things, spear phishing attacks are used, in which the cybercriminals obtain detailed information about the company and its employees in advance. These attacks are known as Business Email Compromise (BEC).

Individual employees are then attacked in a targeted manner, partly supported by AI technologies. The attackers often use executives as the senders of the emails and social engineering approaches to obtain the victims’ data. Well-known brands such as Microsoft, Apple and DocuSign are also often misused to send phishing emails.

Cybercriminals are also working to improve phishing links. In Q2/2023, more and more phishing emails use URL redirection to disguise the real target of the phishing site. In this case, the URLs of the emails look more harmless and trick the victims into clicking on the link without knowing it. In some cases, buttons are also used here that do not arouse suspicion.

Such redirects are also dangerous because not all security programs check the target links. In addition, phishing scammers are increasingly using legitimate and trusted URLs to host phishing sites. This allows email filters or URL reputation technologies to be bypassed.
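Because the visible host of such a link is legitimate, a filter has to look inside the URL for the real destination. The sketch below is an added example, not part of the original article: it extracts links from an HTML mail body and flags those whose query string or fragment carries a second URL on a different host, including percent-encoded and double-encoded forms. All host names and the sample mail body are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

NESTED_URL = re.compile(r"https?://[^\s&\"'<>]+", re.IGNORECASE)

# Constructed sample mail body; every host name is a placeholder.
SAMPLE_HTML = """
<a href="https://www.trusted.example/out?id=7&amp;url=https%253A%252F%252Flogin.phish.example%252Fsso">View document</a>
<a href="https://www.trusted.example/help?topic=billing">Help</a>
<a href="https://www.trusted.example/go?next=https://www.trusted.example/home">Home</a>
"""


class HrefCollector(HTMLParser):
    """Collect the href of every <a> tag (entities are decoded by the parser)."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def nested_target(url: str, max_decode: int = 3):
    """Return the URL hidden in the query or fragment of `url`, or None."""
    parts = urlsplit(url)
    tail = parts.query + " " + parts.fragment
    for _ in range(max_decode):  # the target is often encoded more than once
        tail = unquote(tail)
    match = NESTED_URL.search(tail)
    return match.group(0) if match else None


def flag_redirects(html: str) -> list:
    """Return (href, visible_host, hidden_host) for links that hop to another host."""
    collector = HrefCollector()
    collector.feed(html)
    flagged = []
    for href in collector.hrefs:
        hidden = nested_target(href)
        if hidden is None:
            continue
        outer = (urlsplit(href).hostname or "").lower()
        inner = (urlsplit(hidden).hostname or "").lower()
        if inner and inner != outer:
            flagged.append((href, outer, inner))
    return flagged
```

A flagged link is a candidate for resolving and scoring the hidden host rather than the visible one; redirects that happen only on the server side carry no second URL and are not caught by this check.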

Email threats are obviously not going away any time soon – quite the contrary. Despite being a rudimentary attack technique, email-based threats continue to make headlines, bringing even the world’s largest organizations to their knees. The security researchers therefore recommend not only a holistic, multi-stage approach but also adapting security awareness training accordingly. In order to provide informed training, companies should reconsider their strategy and implement it based on current research.


(c) it-daily