Email security relies on timely, accurate information. Security solutions need information to detect and prevent threats, organizations need information to inform their security strategies, and users need information to identify, avoid, and report potential risks. As such, research efforts like the VIPRE Q3 Email Threat Trends Report are invaluable resources for anyone seeking to protect themselves from email threat actors. So, let’s cover some of the key takeaways from the report so you can incorporate them into your email security efforts.
Email Threat Actors Bypass Traditional Defenses
The key takeaway from this quarter’s report is that as email security threats evolve, email threat actors are changing their tactics to adapt. VIPRE’s proprietary sandboxing software and their Link Isolation tool caught 12.3 million malicious emails in Q3 2024 – up from 11 million last year – which suggests that cybercriminals are working harder than ever to obfuscate their tactics and avoid detection.
Similarly, VIPRE’s ThreatAnalyzer technologies, incorporated into their attachment and link sandboxing tools, caught an additional 68,000 nefarious links that had slipped past previous defenses. Again, it’s clear that traditional email security solutions can no longer prevent the most sophisticated attacks.
These links bypass traditional email defenses because threat actors use URL redirection to great effect. This attack method places a “clean” URL in the body of the email, which then redirects the user to a malicious one when clicked.
These findings offer us a valuable lesson: organizations that only run legacy email security tools like spam filters and secure email gateways (SEGs) are vulnerable to exploitation, and sandboxing technologies are crucial for comprehensive protection.
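The gap described above, as an added example that is not taken from the VIPRE report: a check of the URL as delivered passes, while following the redirect chain at click time exposes the final host. The hosts, responses, blocklist and the `fake_fetch` stand-in for a real HTTP client are all constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def resolve_chain(url, fetch, max_hops=10):
    """Follow redirects one hop at a time; return (chain, why_stopped)."""
    chain, seen = [url], {url}
    while True:
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            return chain, "final"
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in seen:
            return chain, "loop"
        if len(chain) - 1 >= max_hops:
            return chain, "too_many_hops"
        chain.append(nxt)
        seen.add(nxt)

def assess(url, fetch, blocklist):
    """Compare a delivery-time check of the visible URL with a check of every hop."""
    chain, why = resolve_chain(url, fetch)
    hosts = [urlsplit(u).hostname for u in chain]
    # Policy assumption: a chain that cannot be resolved (loop, hop limit) is blocked.
    bad = why != "final" or any(h in blocklist for h in hosts)
    return {
        "chain": chain,
        "stopped": why,
        "static_verdict": "block" if hosts[0] in blocklist else "allow",
        "click_time_verdict": "block" if bad else "allow",
        "host_changed": hosts[0] != hosts[-1],
    }

# Constructed sample data: (status, Location header) per URL.
RESPONSES = {
    "https://docs.example.com/share?id=1": (302, "https://cdn.example.net/r/abc"),
    "https://cdn.example.net/r/abc": (301, "/r/abc/final"),
    "https://cdn.example.net/r/abc/final": (302, "https://login.bad.example.org/signin"),
    "https://login.bad.example.org/signin": (200, None),
}
BLOCKLIST = {"login.bad.example.org"}  # constructed

def fake_fetch(url):
    """Offline stand-in for an HTTP request that does not auto-follow redirects."""
    return RESPONSES.get(url, (404, None))

if __name__ == "__main__":
    for key, value in assess("https://docs.example.com/share?id=1", fake_fetch, BLOCKLIST).items():
        print(key, "=", value)
```

In production the `fetch` callable would issue the request from an isolated environment with automatic redirect following disabled, so each hop is inspected before the next is requested.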
AI-Powered Scams Continue to Present a Risk
Traditional email scams were relatively easy to identify. Scammers, whether out of incompetence, laziness, or a tenuous grasp of the English language, typically crafted email copy riddled with errors. However, in recent years, threat actors have started using generative AI tools to craft convincing scam emails that are, to the naked eye at least, indistinguishable from legitimate ones. The UK’s National Cyber Security Centre (NCSC) warned of this trend way back in January.
Q3 2024 saw a continuation of this trend. VIPRE’s AI detection tools revealed that 36% of business email compromise (BEC) samples in Q3 2024 were crafted by AI. The lesson here is that organizations and individuals can no longer rely on many of the traditional indicators of scam emails. Instead, users should stay vigilant for non-personalized greetings, email content that attempts to prompt a sense of urgency or fear, suspicious email domains, and emails that impersonate high-level executives they wouldn’t usually receive communications from.
In Q3 2024, threat actors primarily impersonated CEOs and Executives (57%), Directors, Managers, and Supervisors (26%), and IT Personnel (9%) to deceive potential victims. So, stay extra vigilant when receiving messages from these senders.
Critical Infrastructure Hit Hard in Q3 2024
Targeting critical infrastructure is, in many ways, something of a no-brainer for email threat actors. These organizations typically house huge amounts of sensitive information, have a low tolerance for downtime, and offer geopolitical advantages for nation-state-backed attackers. Unsurprisingly, then, attackers hit critical infrastructure hard in Q3 2024.
Manufacturing (27%) suffered the most from BEC, phishing, and malspam emails this quarter. Aside from the reasons listed above, the manufacturing sector is fast becoming a favorite target for many threat actors as environments that were traditionally air-gapped are now being brought online. The rest of this quarter’s top five is comprised of the energy (23%), retail (10%), utilities (7%), and real estate (6%) sectors. Organizations operating in these sectors would be well advised to shore up their defenses.
Interestingly, however, the financial sector, which has been a mainstay in these rankings for some time, suffered relatively few attacks in Q3 2024. This is, perhaps, because the sector has improved its defenses and is no longer seen as an easy target for attackers. However, it’s important that financial organizations don’t get complacent – email threat actors could return to their traditional targets at any time.
RedLine Malware Takes the Top Spot
The RedLine Stealer malware was the top malware family in Q3 2024. This malware family extracts sensitive data from victims’ web browsers, including credentials, payment details, and even cryptocurrency wallet information. It uses a customizable file-grabber to target specific file types and directories, like the Desktop and Documents folders on a PC. It can also take screenshots of sensitive data and execute additional commands or payloads on compromised systems.
Threat actors typically distribute RedLine through phishing emails – particularly through seemingly harmless attachments disguised as PDFs, executable files, or Office Suite documents – and malicious websites, so encourage your staff to be extra careful when clicking attachments and links in unsolicited emails.
Looking Ahead
It’s clear from VIPRE’s report that the email threat landscape is getting increasingly treacherous. As threat actors evolve their tactics, it’s crucial for all organizations to review their email security strategies to ensure they keep pace with emerging tools and techniques. Failing to do so will almost certainly result in disaster.




