VIPRE Q2 Email Security Report Reveals Malspam Attacks Up, News Sectors Targeted

VIPRE Security Group, a global leader and award-winning cybersecurity, privacy, and data protection company, today released its latest email-focused security research, “The VIPRE Q2 Email Security Report,” a quarterly report that provides deep insights into the email threat landscape based on the analysis of nearly 2 billion emails.

Specifically, according to VIPRE, 85% of phishing emails utilized malicious links in the content of the email, and spam emails increased by 30% from Q1 to Q2 2023. Information technology organizations also overtook financial institutions (9%) as the most targeted sector for phishing in Q2 as compared to VIPRE’s previous quarterly report.

Additionally:

• 58% of malicious emails utilized spoof content
• 67% of spam emails in Q2 originated in the US
• Qakbot was the top malware family in Q2 2023

In its analysis, VIPRE also discovered a new, macro-less malspam email campaign containing a spoof “.docx” – macro-less means the attacker bypasses the security warnings added to Microsoft Office programs in response to traditional macro malware. This specific campaign contained a malicious external resource page called up when the victim opened the file.

A previously unknown malspam email campaign exploits the CVE-2022-30190 (or “Follina) vulnerability, facilitating remote code execution (RCE) on the victim’s system by leveraging the Microsoft Support Diagnostic Tool (MSDT).

Furthermore, in Q2 2023, 58% (~130 million) of the nearly 230 million malicious emails VIPRE detected utilized nefarious content. Likewise, 42% (~95.7 million) of these emails involved malicious links, and, most interestingly, VIPRE detected 90,000 of the 5 million malicious attachments with behavioral-driven monitoring.

Malicious content likely tops the Q2 2023 list because, with security awareness programs becoming increasingly more common, users are less likely to open suspicious links or attachments. Cybercriminals use malicious content to trick victims into performing an action, such as approving or submitting a payment – significantly more challenging to detect.

The efficacy of malicious content also explains why so many scam emails (48%) in Q2 were business email compromise (BEC) scams, as they typically favor content over links or attachments.

The top email threat attack targets, according to the report, shifted significantly from Q1 to Q2 2023, with financial institutions falling dramatically from 25% in the first quarter to only 9% in quarter two. This decline is likely the result of financial institutions continuing to invest resources into preventing these attacks, which means a lower success rate by cybercriminals.

Increased use of QR codes as attack vector

During the assessment, VIPRE also discovered that many phishing emails utilized QR codes as a primary attack method, which diverted users to a phishing page. The increased use of QR codes suggests that users are increasingly aware of traditional email-based attack techniques, such as malicious links or attachments, forcing threat actors to switch to more unconventional methods.

While most (67%) spam emails originate in the US, cybercriminals obfuscate their location of origin to avoid detection.

“Precious few vendors possess the experience, expertise, and resources to analyze the email threat landscape properly,” said Usman Choudhary, chief product and technology officer at VIPRE. “Based on the billions of data points available to us across a large and diverse set of our customers’ business environments, we’re able to utilize more than two decades of data and experience to deliver accurate and, most importantly, actionable email threat research to the market.”

The VIPRE research team has analyzed nearly 1.8 billion emails for the Q2 2023 email threat report, and collated the results in a comprehensive, accessible report to help organizations worldwide to tackle email security threats.

VIPRE has more than 25 years of malware protection expertise, services upwards of 50,000 customers, boasts more than 4,000 channel partners, and secures more than one million endpoints. Based on these metrics, VIPRE is uniquely positioning them to provide insight into the email threat landscape. Its extensive network of sophisticated, AI-driven email security systems catches billions of potentially threatening emails, securing endpoints many vendors are not able to protect.

About the VIPRE Q2 2023 Email Threat Report

VIPRE’s Q2 2023 Email Threat Report provides a rare glimpse into the email threat landscape, exposing malicious trends and bringing adversarial email tactics to light. We use our updated threat data to influence our email security solution delivery, customizing our platform to meet the challenges enterprises face today – quarter by quarter.

To read the full Q2 2023 Email Threat Trends report, click here.

For more information about VIPRE’s email security solutions, click here.

About VIPRE Security Group

VIPRE Security Group, part of Ziff Davis, Inc., is a leading provider of internet security solutions purpose-built to protect businesses, solution providers, and home users from costly and malicious cyber threats. With more than 25 years of industry expertise, VIPRE is one of the world’s largest threat intelligence clouds, delivering exceptional protection against today’s most aggressive online threats. Its award-winning software portfolio includes next-generation antivirus endpoint cloud solutions, advanced email security products, along with threat intelligence for real-time malware analysis, and security awareness training for compliance and risk management. VIPRE solutions deliver easy-to-use, comprehensive layered defense through cloud-based and server security, with mobile interfaces that enable instant threat response.

The group operates under various brands, including VIPRE®, StrongVPN®, IPVanish®, Inspired eLearning®, Livedrive®, and SugarSync®. www.VIPRE.com