Site Logo

Findings from VIPRE Security Group’s Q3 Email Threat Report released

VIPRE Security Group, a cybersecurity, privacy, and data protection company, has released its Q3 Email Threat Trends Report 2023. 

Analysing nearly two billion emails, the report finds that cybercriminals are adapting their methods to reflect changing consumer habits, alongside capitalising on evolving technology to deceive and evade getting caught.

Threat actors are increasingly hiding malicious links in Google Drive and other cloud storage spaces; PDFs as a malspam delivery tool have more than quadrupled since Q1 this year, and callback phishing and user-friendly Redline malware are on the rise. ChatGPT continues to improve phishers’ ability to dupe, and LinkedIn Slink is an unforeseen malicious workaround.

Key highlights of the report include:

  • 9 million malicious emails detected in Q3 2023
  • 110 million emails attributed to malicious content, 118 million to malicious attachments
  • 150,000 emails displayed previously unknown behaviours.
  • Threat actors favour link-based delivery (58%) over attachments (42%).
  • Combined heuristic approaches detected roughly ten times more spam instances than a similar signature-based detection approach

It’s clear from these findings that email threats remain a thorn in the side of cybersecurity teams. The 150,000 emails containing newly created exploits represent a concerning shift in the landscape.

Cybercriminals are also changing their delivery methods to reflect changing consumer habits. As cloud storage services have grown in popularity, so have they developed as a malspam delivery method, accounting for 67 per cent of all malspam delivery methods in Q3 2023. Legitimate, compromised websites made up the remaining 33 per cent. 

Leveraging combined heuristics (Yara Rules) to significant effect in Q3 2023, VIPRE identified over one million spam incidents across two distinct subsets: legacy heuristic rules caught 810,000, while new heuristic rules reeled in more than 72,000. To put this into perspective, traditional, signature-based approaches identified 150,000 overall. These numbers, again, represent a shift in the email security landscape as older defensive technologies struggle to keep pace with phishing-as-a-service offerings and an onslaught of novel malware models.

Usman Choudhary, Chief Product and Technology Officer at VIPRE said, “it’s clear that the email threat landscape and cybercriminals are undergoing a period of rapid and dramatic evolution. Cybercriminals are extremely capable, informed, and effective; we mustn’t underestimate them. However, by exposing cybercriminal attack methods and trends, through this report, we aim to empower organisations to combat those who seek to do them harm. As the adage goes, one must know their enemy. This report will help the industry achieve that goal.”

The report also reveals how cybercriminals are increasingly utilising AI tools to make their emails more believable. Only recently, many, if not most, spoof emails were betrayed by poor grammar, spelling mistakes, or strange formatting. Generative AI tools such as ChatGPT have made this detection method largely obsolete; at the click of a button, cybercriminals can produce literate, well-formatted emails that few could distinguish from legitimate communications.  

More News
17 hours ago
Businesses with slow websites could lose up to £28.4 billion this Christmas
Online operations are the backbone for thousands of businesses both large and small in the UK, especially around the holiday season, with online spending predicted to hit £24.1 billion between 1st November and 31st December according to the Adobe Digital Economy Index.
18 hours ago
Abloy Digital Access Solutions Academy 2024 schedule announced
Abloy UK has announced its new schedule of training dates via its Academy and Digital Access Solutions Academy, with courses on a range of topics, from emergency and panic escape compliance to the latest innovations in digital access technology.
3 days ago
PFU (EMEA) announces series of PC-free updates to ScanSnap Home
PFU (EMEA) has announced an update to its mobile application for ScanSnap, ScanSnap Home (for mobile), marking the first step towards achieving PC-free ScanSnap functionality.
5 days ago
Workplace gifting start-up hits user milestone
Workplace gifting start-up Thankbox has hit a milestone of 100,000 users. The Edinburgh-based company was launched in 2020 by husband-and-wife Valentin and Tsvetelina Hinova.
5 days ago
VIPRE Security Group CTO highlights cybersecurity trends for 2024
Usman Choudhary, Chief Product and Technology Officer at VIPRE Security Group, highlights cybersecurity trends, primarily driven by generative AI adoption, that will dominate in 2024.
6 days ago
78% UK IT decision makers deploying AI and automation
8x8, Inc, an integrated cloud contact centre and unified communications platform provider, has unveiled how companies are dealing with this current time of instability and insecurity, which is impacting British businesses by turning to AI and automation.
3 days ago
Employees spend 20% of salary returning to office
A new study has found that Birmingham is the most expensive city to commute in for hybrid workers, as staff spends up to 16 per cent of their salary travelling in each month.
4 days ago
Rubix VT signs up as headline sponsor of Brighton Half Marathon
Independent business telecoms provider, Rubix VT will be the headline sponsor for the Brighton Half Marathon for the next three years.
4 days ago
Maped Helix releases stocking filler guide
From magical, colour-changing felt tips to blow art sets, Maped Helix has released its guide to help make traditional Christmas stocking full of small yet meaningful gifts.
5 days ago
Software vulnerabilities on the decline, according to new research
Synopsys has published the 2023 Software Vulnerability Snapshot report.

Login / Sign up