VIPRE Security Group, a prominent cybersecurity, privacy, and data protection company, has recently unveiled its Q3 2024 Email Threat Trends Report, divulging valuable insights into the dynamic realm of cybersecurity. The report, which scrutinizes real-world data, exposes the intricate strategies and tactics employed by cybercriminals, with a specific focus on the prevalent threat of business email compromise (BEC). Over the course of the quarter, VIPRE analyzed a staggering 1.8 billion emails worldwide, of which a significant 208 million were identified as malicious.
During the third quarter of 2024, cybercriminals ramped up their efforts to exploit vulnerabilities within organizations through employee deception, with BEC scams emerging as a predominant threat, constituting 58% of all phishing attempts. Notably, a striking 89% of these BEC attacks involved the impersonation of authority figures like CEOs, senior executives, and IT personnel, underscoring the sophisticated strategies adopted by malicious actors to dupe unsuspecting individuals.
The manufacturing sector witnessed a substantial surge in BEC attacks during this period, potentially propelled by financial motives. These incidents spiked from a mere 2% in Q1 to 10% in Q3 of the current year. This escalation can be attributed to the widespread implementation of mobile sign-ins at various manufacturing sites, where employees accessing systems on-the-go, often under pressure to meet production deadlines, are more vulnerable to falling victim to phishing schemes.
Email threats in Q3 primarily comprised scams (34%), commercial spam (30%), and phishing (20%), overshadowing ransomware and malware combined, which collectively accounted for less than 20% of email attacks. Despite their relatively lower prevalence, ransomware and malware persist as focal points within the cybersecurity industry.
To circumvent advanced email security solutions, cybercriminals are resorting to increasingly sophisticated methods to bypass defenses. These tactics include disguising malicious attachments as voicemail recordings or critical security updates to entice unsuspecting recipients into downloading them. In Q3 2024, a total of 2.18 million emails containing harmful attachments were detected, marking a notable 30% increase from the preceding quarter’s 21% attachment-based attacks.
Moreover, cybercriminals continue to exploit the URL redirection technique, a deceptive maneuver designed to evade security measures effectively. In Q3, URL redirection accounted for 52% of such attacks, leading victims to meticulously crafted fraudulent websites intended to appear authentic and trustworthy.
In the realm of malspam, there has been a notable shift from a preference for malicious links to attachments during Q3. While 64% of malspam campaigns centered on malicious attachments, only 36% utilized links, marking a departure from previous trends where links were heavily favored over attachments.
The ‘Malware Family of the Quarter’ accolade goes to Redline, the top malspam family of Q3 2024, known for its capability to pilfer sensitive information from web browsers. RedLine, distributed via phishing emails or malicious websites, is engineered to extract confidential data, which is then relayed to a command-and-control server controlled by the attacker, ultimately granting them control over the compromised device.
Usman Choudhary, CPTO of VIPRE Security Group, emphasized the critical need for robust cybersecurity measures and continuous employee education to combat the evolving threat landscape. As cybercriminals gear up for the upcoming holiday season, including Black Friday, Thanksgiving, Christmas, and New Year, vigilance and proactive security measures are imperative to safeguard against potential attacks.
To delve deeper into the comprehensive findings of the report, interested parties are encouraged to access the full details through VIPRE’s Email Threat Trends Report: Q3 2024.
VIPRE Security Group, a part of Ziff Davis, Inc., boasts over 25 years of industry expertise and is dedicated to providing cutting-edge internet security solutions tailored to safeguard businesses, solution providers, and individual users against malicious cyber threats. With a robust portfolio of award-winning software encompassing advanced antivirus endpoint cloud solutions, email security products, threat intelligence for real-time malware analysis, and security awareness training, VIPRE stands as a formidable defense against the ever-evolving landscape of cyber threats. Operating globally across North America and Europe, VIPRE is a trusted Advanced Technology Partner of Amazon Web Services, offering comprehensive and user-friendly security solutions to counteract the most aggressive online threats.