According to the latest research by Proofpoint, attackers are fine-tuning their efforts to increase the success of BEC campaigns.
It seems like attackers keep making tweaks to their tactics; while still using similar methods as seen before, these tweaks indicate places where attacks are getting the most response from victims. And, it appears, that Malicious URLs are the name of the game these days.
According to Proofpoint’s Q1 2019 Quarterly Threat Report, the tweaks are noteworthy:
- Malicious URLs in emails are the favorite over malicious attachments at a rate of 5 to 1 for Q1
- Malicious URLs are up 21% quarter over quarter and 180% vs. Q1 2018
- “Payment” was the most used subject line in email fraud attacks
Also worth pointing out is the use of a particular botnet – Emotet – that encapsulates a wide range of malicious code modules, making it useful for everything from spamming, to credential theft, to data exfiltration. According to the report, 61% of malicious payloads were Emotet (we’ve previously noted other reports also citing increases in Emotet detections).
The massive shift to using malicious URLs makes it more difficult for AV and email scanning solutions to stop attacks before ever getting to the user. Organizations need to educate users via Security Awareness Training to be on the lookout for suspicious emails so they can be safely ignored, reported, and deleted without causing harm to the organization.