The report is designed to aid the cybersecurity industry in its never-ending battle against email-based attacks and tackle the ever-present email security issue.
VIPRE Security Group today announced the release of its Q1 Email Threat Trends Report 2023. This release provides the cybersecurity community with exhaustive, up-to-date research on one of the most pervasive and enduring forms of cybercrime. VIPRE researchers worked tirelessly throughout early 2023, analyzing almost 2 billion emails to deliver the Email Threat Trends Report 2023: Q1 and aid the industry in its never-ending battle against email-based attacks and tackle the ever-present email security issue.
Key findings from the report include:
- Financial institutions (25%) were the most targeted sector
- 77% of phishing emails utilized malicious links
- The vast majority (76%) of spam emails originated in the United States
- Researchers detected more than 100,000 new to the wild malicious emails with no known signature
Of those 2 billion emails, VIPRE classified 228,000, or 5% as spam. Of those spam emails, 137,000 were attributable to content, suggesting that scammers prefer to coerce their victims into performing an action, such as transferring money, to clicking an infected link or attachment. Scammers likely favor spam emails attributable to content because potential victims are increasingly wary of opening attachments or clicking links, making these techniques less effective.
More than one in four (28%) of those spam emails belonged to a phishing campaign, with 77% utilizing nefarious links and 23% leveraging malicious attachments. Suspicious links likely came out on top because most phishing-as-a-service (PaaS) providers favor URLs over attachments for their pre-built phish kits. Interestingly, malicious links attributed to compromised websites increased by 26% over the past year, suggesting that sketchy URLs now perform better than suspect attachments. Cybercriminals leveraged these websites by:
- Embedding malicious scripts into forms on the website
- Causing a malware agent to download upon clicking
- Swapping legitimate hyperlinks for malicious ones
However, 97% of malspam emails contained malicious attachments, while only 3% contained malicious links, suggesting that malspammers have had more historical success with attachments when compared to links.
“Despite being one of the more rudimentary attack techniques, email-based threats continue to make headlines and bring the world’s largest companies to their knees,” said Usman Choudhary, chief product and technology officer of VIPRE. “It’s not enough to offer uninformed, checkbox security awareness training; organizations must tailor their approaches according to up-to-date research.”
Unsurprisingly, financial institutions (25%) are still the most targeted sector, followed closely by healthcare (22%) and education (15%) providers. Cybercriminals like to target financial institutions and education because of the vast amounts of sensitive data they handle; healthcare providers are a favored target for deploying ransomware as business continuity is essential and are likely to pay ransoms.
More surprisingly, however, 76% of spam emails originated in the United States, contradictory to the assumption that cybercrime typically originates in non-western countries. Russia, surprisingly, didn’t even make it into the top three, despite topping the list three years ago. However, it’s important to remember that spammers will often deliberately obfuscate their geographical location to suggest they are in the US, skewing the results.
Regarding impersonated brands, Microsoft was way out in front in Q1 2023, being impersonated almost three times more than other top brands like DHL, WeTransfer, and Apple. This discrepancy is likely because of the massive increase in cybercriminals exploiting Microsoft OneNote in February.
Most concerning, VIPRE found more than 100,000 new to the wild malicious emails with no known signatures. VIPRE uncovered these emails with behavioral detection technology, meaning that basic, signature-based email security tools would have failed to detect them. It’s clear that email threats aren’t going anywhere any time soon – and could even be getting worse.
“An extraordinary amount of effort, international resources, experienced analysis, and enterprise-level technology has gone into producing this report. We occupy a unique position in the email security space and are dedicated to offering our expertise and intelligence to SMEs who would otherwise be left in the dark,” Choudhary continued.
To read the Email Threat Trends Report 2023: Q1, download the full report here.
About VIPRE Security Group
VIPRE Security Group is a leading provider of internet security solutions purpose-built to protect businesses, solution providers, and home users from costly and malicious cyber threats. With more than 25 years of industry expertise, VIPRE is one of the world’s largest threat intelligence clouds, delivering exceptional protection against today’s most aggressive online threats. Its award-winning software portfolio includes next-generation antivirus endpoint cloud solutions, advanced email security products, along with threat intelligence for real-time malware analysis, and security awareness training for compliance and risk management. VIPRE solutions deliver easy-to-use, comprehensive layered defense through cloud-based and server security, with mobile interfaces that enable instant threat response. VIPRE is a proud Advanced Technology Partner of Amazon Web Services operating globally across North America and Europe. The group operates under various brands, including VIPRE®, StrongVPN®, IPVanish®, Inspired eLearning®, Livedrive®, and SugarSync®. www.VIPRE.com