Phishing attacks remain a significant threat for organizations, even though a recent survey showed a decrease in the number of credential phishing campaigns during the second quarter of 2023.
Along with the reduction in credential phishing campaigns, the Q2 Phishing Intelligence Trends Review by email security vendor Cofense identified fewer campaigns distributing malware. Cofense researchers speculate that major malware actors like Emotet may have scaled back or paused their campaigns. The prominent malware families for most threats included Agent Tesla, Formco, and NetSupport RAT. Agent Tesla maintained a consistently high level of activity throughout Q2.
SuperMailer Campaigns and Malicious Email Trends
Cofense’s report also showed that more malicious emails were sent in May, owing to high-volume SuperMailer campaigns. SuperMailer, which is legitimate mailing software, saw an 87% increase in usage in Q2.
While SuperMailer-generated campaigns follow easily detectable patterns in most of their emails, some secure email gateways (SEGs) may not block the emails effectively, said Matt Gannon, senior cyber threat intelligence analyst at Cofense.
According to Fernando Montenegro, senior principal analyst at research firm Omdia, inbound email security is critical for organizations. “A well-tuned SEG with good threat intelligence can indeed be effective,” Montenegro said. “This doesn’t mean using one layer only, so it’s critical to have proper monitoring, reporting, and response on any instances of malicious email that gets through regardless.”
With a move to cloud-based email environments, IT professionals will have to manage new security threats while facing familiar threats like phishing. “Take a look at claims data from any cyber insurance carrier, and you will see phishing as the entry point for most ransomware and business email compromise attacks leading to sensitive data loss and huge financial losses with fraudulent transfers of funds,” said Jess Burns, senior analyst at Forrester. “[Email] is still the best route for bad actors to get into enterprises of all sizes.”
In Q2, successful phishing scams were typically designed for specific organizations and users, Cofense found. Scams included email body drafts that featured the recipients’ names and email addresses. The success of these tailored campaigns suggests that future campaigns may adopt a similar personalized approach, perhaps on a larger scale.
What IT Pros Can Do To Protect Organizations
As with all security threats, it’s crucial to establish both a culture of informed users and an organization-wide process for reporting threats. Realistic phishing simulations can help to familiarize employees with common tactics that bad actors use. In addition to fostering a culture that promotes reporting without shame, IT professionals should diligently document and categorize the different threats that their organization could encounter.
In addition, security teams should work closely with business operations such as accounts payable, procurement, and vendor management, Montenegro said. Their collaboration can ensure that teams have strong processes in place to counter fraud attempts.
While malware and phishing campaigns generally seek to compromise an organization financially, their delivery methods can differ, requiring distinct approaches for mitigation. “It’s important to track credential phishing campaigns and malware delivery campaigns separately,” Gannon said. These two types of campaigns typically have different targets and methods for delivering their payloads. Monitoring the two threats separately can make them easier to manage.