Proofpoint has released the findings from its massive Quarterly Threat Report – some of which are astonishing.
The research highlights the threats, trends, and key takeaways the company sees within its large customer base and in the wider threat landscape.
Every day the company analyses more than a billion email messages, hundreds of millions of social media posts, and more than 150 million malware samples, and its research is built on this data.
The company says the report is designed to provide actionable intelligence businesses can use to better combat today’s attacks, anticipate emerging threats and manage security postures.
The end result? Three primary vectors continue to contain the bulk of sophisticated attacks: email, social media, and mobile.
The volume of email attacks utilising malicious URLs has exploded, making up the highest proportion of email attacks (compared with those that use attachments) in more than two years.
The sheer number of malicious emails soared 85 percent from the prior quarter, with the volume of emails with malicious URLs shooting up nearly 600 percent from the previous quarter and more than 2,200 percent from 12 months earlier.
Despite the upsurge of URL usage being the major driver of malicious email growth, Proofpoint asserts there was still a large number of campaigns operating with malware hidden in compressed-file archive attachments.
In terms of malware categories, ransomware remained king and accounted for almost 64 percent of all email malware attempts.
New ransomware strains appeared daily, but Locky remained the top payload and accounted for almost 55 percent of total message volume and more than 86 percent of all ransomware volume.
Banking Trojans represented 24 percent of all malicious email volume, with a strain called The Trick accounting for 70 percent of that total.
Email fraud rose 29 percent from the previous quarter, while the number of email fraud attempts per targeted organisation rose 12 percent.
While email fraud does not discriminate by size, organisations with more complex supply chains are more frequent targets.
In terms of social media, fraudulent support accounts used for so-called Angler Phishing doubled from the year-ago quarter. The number of fake customer-support accounts grew 5 percent over the previous quarter while the volume of phishing links on branded social channels rose 10 percent.
"Threat actors never stop innovating, whether through new network attack vectors, more sophisticated social engineering, or evolving email campaigns with hosted malware and obfuscated code," says Proofpoint’s vice president of Threat Operations, Kevin Epstein.
"The ongoing dominance of ransomware in the threat landscape means that it remains lucrative for actors who repeatedly demonstrate their willingness to ‘follow the money’. However, we also continue to see a combination of adaptability -- switching payloads and malware families as necessary to maximise returns -- and specialisation, as actors focus on particular regions and malware types that best suit their needs and expertise."