Threat Intelligence & Incident Response

Malicious Phishing Emails Increased by 569% in 2022: Cofense

Company’s annual report highlights increasing email security threats impacting organizations globally

Cofense, the leading provider of phishing detection and response (PDR) solutions, today announced the release of its 2023 Annual State of Email Security Report, which highlights the growing threats that continuously bypass standard email security solutions. As observed by Cofense Intelligence, 2022 saw a 569% increase in malicious phishing emails and a 478% increase in credential phishing-related threat reports published.

Combining a global network of more than 35 million people with artificial intelligence and machine learning, Cofense has access to a dynamic and vast dataset of actionable, advanced threat intelligence. These insights provide Cofense with unmatched visibility into emails bypassing SEGs and hitting users’ inboxes, highlighted by a 99.996% accuracy rate on phishing threat analysis over the last year. The annual report is a comprehensive assessment of the trends the Cofense team observed through this data in 2022.

“The cybersecurity landscape is always evolving, so it is imperative to stay on top of the latest trends and tactics,” said Tonia Dudley, Vice President and Chief Information Security Officer at Cofense. “As threats increase in frequency, intensity and sophistication, the need for rapid and actionable intelligence has never been greater. The increase in nation-state attacks and major incidents overall continues to apply pressure to drive visibility of an organization’s security program by boards, corporate executives and cyber insurers. With this pressure, organizations must continue to evaluate ways to mitigate risk and assess what email security controls need to be added or enhanced to raise their overall security posture.”

Email Security Trends Hitting Inboxes

Cofense’s crowdsourced methodology provides a view into the malicious emails that are reaching inboxes today. Based on Cofense intelligence, the top five trends in the email security landscape highlight that delivery methods for carrying out phishing campaigns continue to keep up with the advancement of technology. Cofense witnessed a continued blending of tactics to make detection and mitigation even more difficult for organizations. The top trends for 2022 include:

  • Credential phishing is the top attack vector with a 478% increase in malicious emails identified
  • Emotet & QakBot remain the top malware families
  • Business email compromise (BEC) continues to be one of the top cybercrimes for the eighth year in a row
  • Web3 technologies used in phishing campaigns increased by 341%
  • Telegram bots as exfiltration destinations increased by 800%

Top Malware Families to Watch

In 2022, the Cofense team observed a 44% increase in malware as compared to 2021. The report highlights the top five malware families that made up the highest volume of phishing campaigns disseminated in 2022. Several characteristics can make a malware family more appealing to threat actors, such as the malware features, cost, and complexity. In combination, these properties determine how well malware aligns with a threat actor’s agenda for a phishing campaign.

The top five malware families of 2022 include Emotet, Qakbot, Formbook, Agent Tesla and Snake. Most notably, the continued position of Emotet at the top of the list is a testament to its ability to out scale all other malware-delivery campaigns, even after months of inactivity. Additionally, QakBot continues to evolve defensive mechanisms against malware analysis, and phishing emails delivering the malware continue to successfully reach inboxes.

To download the 2023 Annual State of Email Security Report or to register for the webinar that will dive deeper into the report findings on March 29 at 11 AM ET, visit https://cofense.com/annualreport.

Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!

Related posts

Digital Shadows announces new threat intelligence capabilities

PR Newswire

Gurucul wins 2023 Cloud Computing Security Excellence Award

Business Wire

Secureworks announced a joint go-to-market program with SentinelOne

PR Newswire