Emotet has displaced credential stealers, stand-alone downloaders and RATs to become the most prominent threat delivered via email, Proofpoint has shared.
According to the firm’s statistics, in Q1 2019 a whopping 61 percent of all malicious payloads distributed via email were Emotet.
The nature of the malicious payloads
Emotet started its life as a banking Trojan, but has morphed over time into a malware multi-tool, capable of downloading additional malware, stealing passwords, performing brute-force attacks against accounts, sending out spam and malicious emails, and more.
It effectively covers the capabilities of many different types of malware and, in addition, is available in a Malware-as-a-Service model, allowing threat actors to distribute malware via the botnet and leverage its large network of infected devices.
“Because Emotet has steadily shifted away from banking activities, overall volumes associated with dedicated banking Trojans now stand at 21% of malicious payloads observed in email,” the researchers noted.
“While we should not assume that banking Trojan volumes are down by 35 percentage points from Q4 2018, when we reported that they made up 56% of all malicious payloads (including, at that time, Emotet), the decline in banking Trojans after their 2018 resurgence is noteworthy as an indicator of a functional shift in the preferred malware payloads of crimeware threat actors.”
Ransomware is on a steep decline and has practically become a tool reserved for targeted attacks against organizations, which are more likely to pay – and pay handsomely – to have their servers and other critical infrastructure unlocked.
Proofpoint has pinpointed other notable trends when it comes to attacks launched via email:
- Malicious URLs in emails outnumbered malicious attachments by roughly 5 to 1 in Q1 (it was 2:1 in Q4 2018).
- “Payment” jumped to the top subject line in email fraud attacks, up 6 percentage points from Q4 2018.
- In Q1 2019, engineering, automotive and education were the industries most heavily targeted in email fraud attacks.
- Over three times as many fraudulent domains had an SSL certificate as legitimate domains in Q1 2019, lending a false sense of security to end users encountering these domains online and in email attacks.