Secure email gateways struggle to keep pace with sophisticated phishing campaigns

In 2023, malicious email threats bypassing secure email gateways (SEGs) increased by more than 100%, according to Cofense.


In just two years, Cofense identified over 1.5 million malicious emails bypassing its customers' SEGs, a 37% increase in threats compared to 2022 and a 310% increase over 2021. To put this in context, the report notes that Cofense detected at least one malicious email bypassing a customer's SEG every 57 seconds.

With the increasing frequency and severity of email attacks, it is essential to train employees to identify and report malicious emails, while deploying solutions to identify and remediate threats that are actively bypassing SEGs.

“As we unveil the statistics from the 2024 Annual State of Email Security Report, it’s evident that the email-based attack vector is evolving at an unprecedented pace going into 2024,” said David Van Allen, CEO of Cofense.

The report points out that secure email gateways struggle to keep pace with sophisticated phishing campaigns and relying on ‘good enough’ email security is no longer an option for most enterprises.

“The data we present in this report speaks directly about the escalating sophistication of cyber threats, which demand a different approach to effective email security,” said Van Allen.

Phishing campaigns evolved

The report highlights that email remains the primary attack vector for cybercrime, with 90% of data breaches originating from phishing attacks aimed at employees. Secure email gateways are struggling to keep pace with the rapidly evolving nature of phishing campaigns, as shown by a 104.5% increase in the number of malicious emails bypassing SEGs in 2023.

Credential phishing, the preferred method of threat actors, also saw a staggering 67% increase in volume compared to the previous year.

  • In 2023 Cofense saw an increase in tactics like vishing, smishing, brand impersonation, and QR code phishing that bypass SEGs. Cofense reported a 331% increase in QR code active threat reports (ATRs) last year.
  • Healthcare and finance remained the top targeted industries, with malicious emails bypassing SEGs in those sectors increasing by 84.5% and 118%, respectively.
  • New malware families, including DarkGate and PikaBot, emerged to fill the gap left by the FBI’s dismantling of the Qakbot infrastructure.

Staying on top of the latest trends and tactics

Brand impersonation and vishing campaigns are on the rise, with threat actors using these tactics to deceive employees. Such attacks are effective at bypassing SEGs because they often contain no attachments or obvious links for a gateway to inspect.

Despite law enforcement action in 2021, Emotet (also tracked as Geodo) resurfaced in 2023, highlighting the persistence and adaptability of this destructive malware. Emotet is known for infiltrating and manipulating email accounts, for example by replying inside existing conversations, to trick unsuspecting recipients into downloading infected files or clicking malicious links. It also operates as a botnet, with infected machines working together to spread the malware even further.

A persistent threat throughout 2021 and 2022, Snake Keylogger remained a significant risk in 2023, and going into 2024 its ability to evade antivirus detection keeps it a concern for organizations. Snake Keylogger is designed to secretly monitor and record every keystroke on a computer, including usernames and passwords, to scan applications for saved credentials, and to exfiltrate that data over a variety of protocols back to the operators, who use it or sell it on the dark web.

A consistently observed threat, FormBook is an information-stealing malware focused on harvesting sensitive data from infected systems, and businesses are urged to proactively safeguard against it. FormBook typically arrives through malicious emails that trick unsuspecting users into opening an attachment. Once installed, it can steal sensitive information such as passwords, credit card details and browsing data without the victim's knowledge.

A new phishing tactic leveraging Google Accelerated Mobile Pages (AMP) has been identified, proving highly successful. Cofense reports a 1,092% increase in Google AMP emails bypassing secure email gateways in the last six months of 2023.
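The following Python script is added here as an illustration and is not Cofense's code or part of the report. It shows the check a mail-filtering pipeline can apply to this tactic: the public Google AMP viewer format, https://www.google.com/amp/s/<host>/<path>, places the real destination after the google.com domain, so a reputation check that looks only at the visible host sees google.com. The script extracts URLs from a sample message, unwraps the AMP prefix, and flags wrapped links whose true destination is not on an allow-list. The sample body, host names and allow-list are all constructed for the example, and other AMP caches (such as *.cdn.ampproject.org) are deliberately out of scope.

```python
import re
from typing import Optional
from urllib.parse import unquote, urlparse

# Public Google AMP viewer URL shape: https://www.google.com/amp/s/<host>/<path>
# The "s/" segment means the wrapped origin is HTTPS; without it, HTTP.
# Only this viewer format is handled; other AMP caches are out of scope here.
AMP_VIEWER_RE = re.compile(
    r"^https?://(?:www\.)?google\.[a-z.]+/amp/(?P<tls>s/)?(?P<rest>.+)$",
    re.IGNORECASE,
)

# Crude URL extractor for plain-text bodies; stops at whitespace and quotes.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def unwrap_amp(url: str) -> Optional[str]:
    """Return the destination hidden behind a Google AMP viewer URL, else None."""
    m = AMP_VIEWER_RE.match(url)
    if not m:
        return None
    scheme = "https" if m.group("tls") else "http"
    return f"{scheme}://{unquote(m.group('rest'))}"


def analyze_body(body: str, trusted_hosts: set) -> list:
    """Extract URLs from an email body, unwrap AMP wrappers, and flag wrapped
    links whose real destination host is not in the trusted allow-list."""
    findings = []
    for raw in URL_RE.findall(body):
        raw = raw.rstrip(".,;:)]")  # drop trailing prose punctuation
        effective = unwrap_amp(raw) or raw
        host = (urlparse(effective).hostname or "").lower()
        wrapped = effective != raw
        findings.append({
            "raw": raw,
            "effective": effective,
            "host": host,
            "amp_wrapped": wrapped,
            # A bare google.com link is not suspicious by itself; a wrapped
            # link pointing at an unknown host is the AMP-abuse signature.
            "suspicious": wrapped and host not in trusted_hosts,
        })
    return findings


# Constructed sample message (not a real phishing email); hosts are fictional.
SAMPLE_BODY = """\
Your mailbox storage is almost full. Review your account here:
https://www.google.com/amp/s/login-examp1e.com/secure/verify?id=42
Our policy is published at https://www.example.com/portal.
Latest news: https://www.google.com/amp/s/news.example.com/story
"""

# Assumed allow-list of hosts the organization legitimately links to.
TRUSTED_HOSTS = {"www.example.com", "news.example.com"}

if __name__ == "__main__":
    for f in analyze_body(SAMPLE_BODY, TRUSTED_HOSTS):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} {f['host']:25} <- {f['raw']}")
```

Run it and the first link is flagged because its real destination, login-examp1e.com, is neither google.com nor a trusted host, while the AMP-wrapped link to news.example.com passes. In a real gateway the allow-list check would be replaced by the same reputation, age and look-alike scoring applied to any other URL, the point being that scoring must run on the unwrapped destination.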

BEC remains one of the most devastating cybercrimes, with scammers exploiting conversational-based phishing attacks. Traditional defenses often fail to catch these attacks, resulting in billions of dollars being stolen annually.
