The first quarter of 2023 is shaping up to be a spam-tastic year for dangerous emails with nearly one out of four classified by researchers as "do not engage" or malicious.
The data comes from Fortra’s PhishLabs, which reported on Wednesday on a host of phishing trends and tactics for the first quarter of 2023. According to researchers 7.7% of emails landing in inboxes in Q1 were malicious and 15.9% were tracked as "do not engage" - representing the largest overall percentage of those type emails since it began tracking phishing emails.
Researchers noted that of those emails "there was a sizable increase in the proportion of credential thefts, up 14.4% to reach a total of 58.2%." The QBot ransomware family comprised nearly 88% of malicious payloads in those phishing emails.
It's all about the malware
Drilling down into those malicious emails, PhishLabs said malware-laced emails delivered their payloads mostly as attachments, such as OneNote and Adobe documents and via HTML smuggling campaigns. It was the second quarter in a row QBot topped malware payloads. QBot is malware best known for features like self-propagation, streamlined command-and-control communication and stealthy sandbox detection capabilities, researchers said.
Emotet and IcedID took the second and third spots behind QBot, coming in at 6% of malware payload volume and 3%, respectively.
Let's go phishing
Nearly 60% of malicious emails, 58.2%, were related to credential theft, which was an increase of 14.4%. Most credential-theft emails, 62.4%, contained phishing links, while the remaining 37.6% had attachments.
Emails requiring a response decreased 13.1% in Q1 to make up 40.5% of malicious emails, with nearly half (45.1%) being hybrid voice-based vishing attacks.
Phishing sites designed to mimic financial institutions were the most impersonated industry at 42.1%, followed by social media at 26.1%, webmail and online services (11.4%), telecommunications (8.3%), and cloud storage and file hosting (5%).
Businesses see uptick in social media as an attack vector
Social media continues to be a growing attack vector for cybercriminals with attacks targeting businesses increasing 12.2% in Q1. "The average business is targeted by around 84 attacks each month," according to PhishLabs.
The report noted that social feeds are a "conducive environment for cybercriminal activity" because they are often difficult for security teams to monitor.
"Top threat types on social media in Q1 were cyber threats (33.1%), impersonation (26.3%), counterfeit (22.1%), and fraud (16.9%)," they said.
Hardest hit via social media based attacks were financial institutions (representing 33.5% of reported social media attacks), followed by retail (24.4%), cryptocurrency (14.7%) and financial services (9.3%). "Of these, retail saw the most significant change from the previous quarter—an increase of nearly 7%," researchers said.