Researchers conducted a thorough analysis of phishing attacks spanning from the third quarter of 2023 to the third quarter of 2024, revealing the top five industries targeted by subject-customized emails. These emails were found to exploit personal information such as names, emails, phone numbers, or company names to circumvent security measures put in place by organizations.
The use of redaction techniques to safeguard sensitive information while still providing valuable insights to clients showcases the commitment to sharing actionable intelligence without compromising individuals’ privacy rights.
The practice of subject redaction, utilized by threat actors to conceal malicious email content, was predominantly observed in key sectors such as finance, insurance, manufacturing, mining, healthcare, and retail. This underscores the growing sophistication of cybercriminals and highlights the critical need for robust email security protocols to counter such threats effectively.
Researchers have noted a clear correlation between the themes of the email content and the threat actors behind these attacks. Additionally, seasonal fluctuations in the volume of attacks and distinct patterns of subject redaction across these industries further emphasize the evolving tactics employed by cybercriminals.
Within the finance and insurance industries, there has been a notable increase in credential phishing attacks during the years 2023 and 2024. Cybercriminals deploy personalized subject lines that mimic legitimate business communications to deceive unsuspecting recipients into disclosing sensitive information.
Despite fluctuations in attack frequency, these industries remain primary targets for threat actors. The manufacturing sector has also been increasingly targeted with personalized phishing emails containing Personally Identifiable Information (PII) in their subject lines. This tactic aims to bypass security protocols and lure recipients into engaging with malicious content.
Given the nature of the manufacturing industry’s frequent exchange of sensitive information, these targeted attacks have proven to be particularly effective. Although there has been a decrease in the overall volume of such attacks, the industry continues to face persistent threats from cybercriminals.
In parallel, the mining, quarrying, oil, and gas extraction industries have become prime targets for email-based attacks that utilize subject lines containing sensitive information related to proposals, invoices, and document-sharing notifications. Similarly, the healthcare and social assistance sector has seen a significant amount of credential phishing emails with PII in the subject lines.
Both of these industries experienced a notable surge in attacks during the third quarter of 2023, with varying trends in subsequent quarters. The analysis has unveiled a clear connection between email content themes and the redaction of PII, particularly in emails related to voicemail and finance.
Attackers often customize subject lines and attachment names with recipient-specific information to enhance the perceived legitimacy of their communications. Malicious file types such as .HTM(L) and .DOC(X) are commonly used to mimic authentic document formats, thereby increasing the likelihood of recipient engagement with these phishing emails.
Cofense Intelligence has identified a significant correlation between redacted subject lines and .HTM/.HTML attachments in credential phishing emails. These attachments often include the recipient’s email address and imitate legitimate login pages, making them more convincing to potential victims.
Although less prevalent, .DOC/.DOCX attachments are also used in phishing campaigns to redirect users to malicious URLs or phishing sites via QR codes. The utilization of standard file formats like .DOC(X) enables these attacks to evade detection by security filters, rendering them more successful in deceiving recipients.
In conclusion, the findings from the analysis of phishing attacks targeting various industries underscore the importance of implementing robust email security measures to safeguard organizations and individuals from the evolving tactics of cybercriminals. By staying vigilant and continuously adapting cybersecurity protocols, businesses can effectively mitigate the risks posed by these sophisticated threats.