UPDATED 09:00 EDT / MAY 02 2023


Credential phishing volume increases 527% in the first quarter

A new report released today by phishing detection and response solutions company Cofense Inc. details a staggering rise in credential phishing volume in the first quarter and an overall increase in active threats.

In the first quarter, Cofense detected a 527% increase in credential phishing volume from the previous quarter, a shift described as “volatile.” The volume increase year-over-year was more moderate, though still a significant 40% increase from the first quarter of 2022. Notably, the main spike in credential phishing volume occurred in March, significantly exceeding January and February.

Emotet, long a favorite among cybercriminals and once described as “the world’s most dangerous malware,” was the most popular malware type detected in the quarter. The report notes that this is directly linked to the high volume of emails that Emotet disseminates.

Behind Emotet, the Agent Tesla keylogger was the second most-used malware, followed by the FormBook information stealer. The quarter saw a 38% increase in the use of keyloggers, the largest increase of any malware type.

One standout in the report was a surge in malicious campaigns that abuse bots on Telegram, the messaging service operated by Telegram Messenger Inc. The use of Telegram bots increased almost fivefold in the first quarter from the previous quarter and outstripped the total volume for all of 2022 by more than fourfold.

Although slightly lower on the list in terms of popularity, Qakbot was identified as the malware family most successful at reaching inboxes: it landed in inboxes at a rate 185% higher than Emotet, even though Emotet was the most common malware distributed in phishing campaigns.

The first quarter also stood out in how potential victims were targeted, with a wholesale switch in the top malware delivery mechanism. OneNote files, bundled with OLE packages and WSF downloaders, became the most popular delivery method in the quarter after barely being detected at all in the fourth quarter of 2022.

The rise of OneNote files as a popular delivery mechanism replaced the longstanding popular distribution method of Office macros. CVE-2017-11882, a vulnerability detected in Microsoft Equation Editor in 2017, also surged in popularity in the quarter since Emotet extensively uses it in its attack campaigns.
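As an added defender-side check, not code from the article or from Cofense: a small Python triage routine that locates files embedded inside a OneNote .one document and flags those that look like WSF scripts, HTML/HTA content, OLE packages or executables, which is the shape of the delivery chain the report describes. It assumes the FileDataStoreObject layout from Microsoft's MS-ONESTORE documentation (a fixed header GUID, an 8-byte little-endian length, 12 bytes of padding, then the embedded bytes); the OneNote-like blob and the WSF payload used to exercise it are constructed inline.

```python
"""Triage a OneNote (.one) file for embedded scripts, OLE packages and executables.

Added example for the article above; not Cofense or Microsoft code. The container
layout is an assumption taken from the public MS-ONESTORE format description.
"""
import struct
from typing import Dict, List

# Header GUID of a FileDataStoreObject, {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC},
# as it appears on disk in little-endian byte order (assumption from MS-ONESTORE).
FILE_DATA_STORE_GUID = bytes.fromhex("E716E3BD65261145A4C48D4D0B7A9EAC")
# guidHeader (16) + cbLength (8) + unused (4) + reserved (8)
HEADER_LEN = 16 + 8 + 4 + 8

# Magic bytes for content types that should never arrive inside a notebook.
SUSPICIOUS_MAGIC = {
    b"MZ": "pe",                                   # Windows executable / DLL
    b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1": "ole",    # OLE compound file (OLE package)
}
RISKY_KINDS = {"pe", "ole", "wsf", "hta_or_html"}


def extract_embedded_files(data: bytes) -> List[bytes]:
    """Return the raw bytes of every FileDataStoreObject payload in a .one blob."""
    found = []
    pos = data.find(FILE_DATA_STORE_GUID)
    while pos != -1:
        if pos + HEADER_LEN > len(data):
            break  # header runs past end of file: truncated or corrupt
        (length,) = struct.unpack_from("<Q", data, pos + 16)
        start = pos + HEADER_LEN
        end = min(start + length, len(data))  # tolerate a truncated payload
        found.append(data[start:end])
        pos = data.find(FILE_DATA_STORE_GUID, end)  # resume after this payload
    return found


def classify(blob: bytes) -> str:
    """Cheap content-type guess for an embedded file; 'other' means not flagged."""
    for magic, kind in SUSPICIOUS_MAGIC.items():
        if blob.startswith(magic):
            return kind
    head = blob[:512].lower()
    if b"<job" in head and b"<script" in head:
        return "wsf"  # Windows Script File: <job><script ...>
    if b"<script" in head or b"<html" in head:
        return "hta_or_html"
    return "other"


def triage(data: bytes) -> Dict[str, object]:
    """Summarise what is embedded and give a block/allow verdict for mail filtering."""
    kinds = [classify(blob) for blob in extract_embedded_files(data)]
    risky = [k for k in kinds if k in RISKY_KINDS]
    return {
        "embedded": len(kinds),
        "kinds": kinds,
        "verdict": "block" if risky else "allow",
    }


def build_sample(payload: bytes) -> bytes:
    """Constructed .one-like blob wrapping one embedded file (test data only)."""
    header = (
        FILE_DATA_STORE_GUID
        + struct.pack("<Q", len(payload))
        + b"\x00" * 4   # unused
        + b"\x00" * 8   # reserved
    )
    return b"\x00" * 64 + header + payload + b"\x00" * 48


# Constructed WSF downloader-style stub (harmless: it only echoes a string).
WSF_SAMPLE = (
    b'<?xml version="1.0"?><job><script language="JScript">'
    b'WScript.Echo("constructed sample");</script></job>'
)

if __name__ == "__main__":
    print(triage(build_sample(WSF_SAMPLE)))      # WSF inside a notebook -> block
    print(triage(build_sample(b"meeting notes")))  # plain attachment -> allow
```

The check is deliberately structural rather than signature-based: it does not care what the script does, only that a notebook carries a script, OLE package or executable at all, which is the property a mail gateway can act on without keeping pace with each new lure.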
