Emails containing malicious URLs made up 88 percent of all messages with malware-infested links and attachments, underscoring the dominance of URL-based email threats.

The findings, published in cybersecurity firm Proofpoint’s annual threat report for the month ending September, reveal the evolving nature of social engineering attacks targeting users and organizations.

“Email-based threats are among the oldest, most pervasive, and boundless cybersecurity threats hitting organizations worldwide,” Chris Dawson, Threat Intelligence Lead at Proofpoint, told TNW.

“From massive malware campaigns targeting millions of recipients with cyberbanking Trojans to anxiously crafted email fraud, the email threat mural is acutely diverse, creating a wide range of opportunities for threat actors to attack organizations,” Dawson added.

Some other key trends to note are the prevalence of sextortion campaigns, and the notable absence of Emotet botnet spam and ransomware attacks distributed via malicious emails.

“Ransomware is still a threat,” Dawson stated. “However, with rapidly bottomward cryptocurrency valuations, threat actors are having a harder time monetizing their ransomware campaigns. Instead they are axis to ‘quieter’ infections with cyberbanking Trojans and downloaders that can potentially sit on adulterated machines for continued periods, accession data, mining cryptocurrency, sending spam, and more.”


Indeed, overall message volumes of banking Trojans (Trickbot, IcedID, Ursnif) and remote administration tools (FlawedAmmyy, FlawedGrace) increased by 18 percent and 55 percent when compared to the previous quarter, all deployed with an aim to evade detection and stealthily collect credentials, conduct reconnaissance, move laterally on networks, and enable at-will distribution of secondary payloads.

The re-emergence of Emotet

Emotet, for its part, didn’t entirely go away. Dubbed “TA542” by Proofpoint researchers, the botnet-driven spam campaign has again emerged as the biggest source of destructive malware, morphing from its original roots as a banking Trojan to a “Swiss Army knife” that can serve as a downloader, information stealer, and spambot depending on how it’s deployed.

While the malware appeared to have largely disappeared throughout the summer of 2019, it made a comeback in September via “geographically-targeted emails with local-language lures and brands, often banking in theme, and using awful certificate accessories or links to agnate documents, which, when users enabled macros, installed Emotet.”

Interestingly, Emotet’s re-awakening in the last two weeks of the month ended up accounting for 12 percent of all malicious payloads for the entire third quarter. This also coincides with a similar report published by Netscout early this week:

In May 2019, Emotet’s action started to decline. This hiatus lasted for about four months when it made an improvement in September 2019. The action picked up as if it never left with evolving spam campaigns and new commitment mechanisms.

It’s worth noting that Emotet amounted to almost two-thirds of all payloads delivered through phishing emails between January and March 2019.

What’s also changed are the countries impacted: in addition to its longstanding targets, such as the US, the UK, Canada, Germany, and Australia, TA542 expanded vastly in scope to target Italy, Spain, Japan, Hong Kong, and Singapore.

Mitigating social engineering attacks

Protecting organizations from phishing attacks requires a “multi-layered approach” that starts with understanding the email channel and identifying and protecting the most attacked individuals.

“To truly actuate risk, organizations must weigh the sheer number of threats accustomed by each user, where those attacks are coming from, how targeted each attack is, and what type of malware is complex in each attack,” Dawson told TNW.

“Using this insight, organizations can apparatus user-centric adaptive access controls based on the user’s role, because assertive privileges and VIP status, the risk level associated with the login, and other contextual ambit such as user’s location, device hygiene, and others,” he said.

That’s not all. It also requires training employees to spot phishing campaigns that target them and helping them understand why they are at risk.

“Training advisers on what to click is useful,” Adrien Gendre, Chief Solution Architect at predictive email defense firm Vade Secure, told TNW. “But the accepted form of training alone is not adequate. It’s of little use when attackers keep alteration their techniques every few months. It needs to be contextualized so that advisers can analyze awful agreeable when they see it.”
