- Data exfiltration tactics are shifting to Russian domains
- Remote Access Trojans See 59% Increase in Phishing Emails
- Malicious emails now bypass secure gateways every 45 seconds
New research has found a significant increase in malicious email activity, as well as a change in attack strategies.
On average, at least one malicious email bypasses secure email gateways (SEGs), such as those from Microsoft and Proofpoint, every 45 seconds, up from one every 57 seconds the previous year, according to Cofense Intelligence's Third Quarter Trends Report.
There is a sharp increase in the use of Remote Access Trojans (RATs), which allow attackers to gain unauthorized access to the victim’s system, often leading to data theft or further exploitation.
Increased use of Remote Access Trojans (RATs)
Remcos RAT, a tool widely used by cybercriminals, is one of the main drivers of the rise in RAT attacks. It gives the attacker remote control of the infected system, allowing them to exfiltrate data, deploy additional malware, and maintain persistent access to the compromised network.
Open redirects as a technique in phishing campaigns are also gaining prominence, with the report revealing a 627% increase in their use. An open redirect is a feature of a legitimate website that forwards visitors to a destination supplied in the URL without validating it. Attackers abuse it so that the link the victim sees, and the domain a gateway reputation-checks, is the trusted site, while the final destination is a malicious URL.
Open redirects on TikTok and Google AMP are frequently abused for this purpose, since their global reach means links to those domains look unremarkable to recipients.
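To make the mechanism concrete, here is an added example (not code from the report or from Cofense) that triages links extracted from an email for open-redirect abuse: it pulls the embedded destination out of a redirect-style URL and flags it when that destination is not the wrapper site. The wrapper hostnames, the set of redirect parameter names and the sample URLs are constructed assumptions for illustration; the Google AMP cache path form (`/amp/s/<host>/...`) is the only real-world pattern used.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumed parameter names commonly used by redirect endpoints; extend for your own
# environment. Hostnames below are constructed, not from any real campaign.
REDIRECT_PARAMS = {"url", "u", "redirect", "redirect_uri", "target", "next", "return", "dest"}


def _host(url):
    """Hostname of an absolute URL, lower-cased; '' if none."""
    return (urlsplit(url).hostname or "").lower()


def embedded_destination(url):
    """Return the host a redirect-style URL ultimately sends the user to, or None.

    Two forms are recognised:
      1. Google AMP cache path:  https://www.google.com/amp/s/<host>/<path>
      2. An absolute URL carried in a known redirect query parameter.
    """
    parts = urlsplit(url)
    # Form 1: the destination host is the third path segment.
    segs = parts.path.split("/")
    if len(segs) >= 4 and segs[1] == "amp" and segs[2] == "s":
        return segs[3].lower()
    # Form 2: parse_qsl already decodes one layer of %-encoding; unquote again
    # so a double-encoded destination (a common evasion) is still seen.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() not in REDIRECT_PARAMS:
            continue
        candidate = unquote(value)
        if candidate.startswith("//"):  # scheme-relative URL
            candidate = "https:" + candidate
        if candidate.lower().startswith(("http://", "https://")):
            return _host(candidate)
    return None


def classify(url):
    """'no-redirect', 'same-site' or 'open-redirect' for one URL."""
    wrapper = _host(url)
    dest = embedded_destination(url)
    if dest is None:
        return "no-redirect"
    if dest == wrapper or dest.endswith("." + wrapper):
        return "same-site"
    return "open-redirect"


def triage(urls):
    """Map each URL to (verdict, destination host) for a batch of extracted links."""
    return {u: (classify(u), embedded_destination(u)) for u in urls}


SAMPLE_URLS = [  # constructed examples
    "https://www.google.com/amp/s/evil-login.example/verify",
    "https://trusted.example.com/out?url=https%3A%2F%2Fcredential-harvest.example%2Flogin",
    "https://trusted.example.com/redirect?target=%2F%2Fcredential-harvest.example%2F",
    "https://trusted.example.com/login?next=%2Fdashboard",
    "https://trusted.example.com/out?url=https://help.trusted.example.com/",
]

if __name__ == "__main__":
    for url, (verdict, dest) in triage(SAMPLE_URLS).items():
        print(f"{verdict:14} {dest or '-':32} {url}")
```

A gateway that reputation-checks only the outer hostname passes all three flagged links, because that hostname is the trusted site; comparing the embedded destination against the wrapper host is what exposes them. The subdomain check is deliberately simple (it treats any subdomain of the wrapper as same-site); a production rule would compare registrable domains.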
The use of malicious Office documents, especially those in .docx format, increased dramatically by almost 600%. These documents often contain phishing links or QR codes that direct victims to harmful websites; a QR code carries the URL inside an image, so a scanner that only inspects the document's text and hyperlinks will not see it.
Microsoft Office documents remain a popular attack vector because they are ubiquitous in enterprise environments and are routinely opened from email, making them ideal for attacking organizations via phishing campaigns.
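For triage, the links in a .docx are not where a casual look suggests: a .docx is a zip of XML parts, and a clickable hyperlink's real target is stored in the relationships part (`word/_rels/document.xml.rels`), not in the visible text. The following added example (not code from the report or from Cofense) builds a constructed minimal .docx in memory and extracts both the hyperlink targets and any URL typed as visible text. The document contents and the hostnames are constructed assumptions; decoding an actual QR-code image is out of scope here and needs an image-decoding library.

```python
import io
import re
import zipfile
from xml.etree import ElementTree as ET

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
HYPERLINK_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink"
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def build_sample_docx():
    """Build a constructed, minimal .docx in memory: one clickable hyperlink whose
    target is stored in the relationships part, plus one URL typed as plain text
    next to a (notional) QR code. Not a real phishing sample."""
    document_xml = (
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
        'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
        '<w:body>'
        '<w:p><w:hyperlink r:id="rId1"><w:r><w:t>View invoice</w:t></w:r></w:hyperlink></w:p>'
        '<w:p><w:r><w:t>Or scan the QR code / visit http://verify-account.example/login</w:t></w:r></w:p>'
        '</w:body></w:document>'
    )
    rels_xml = (
        f'<Relationships xmlns="{RELS_NS}">'
        f'<Relationship Id="rId1" Type="{HYPERLINK_TYPE}" '
        'Target="https://trusted.example.com/out?url=https://credential-harvest.example/" '
        'TargetMode="External"/></Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        z.writestr("word/document.xml", document_xml)
        z.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


def extract_urls(docx_bytes):
    """Return every external URL in a .docx: hyperlink targets from the *.rels
    parts and URLs typed into the visible text of the word/*.xml parts."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if name.endswith(".rels"):
                # Clickable link targets are stored here, not in the visible text.
                root = ET.fromstring(z.read(name))
                for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                    if rel.get("Type") == HYPERLINK_TYPE and rel.get("TargetMode") == "External":
                        found.add(rel.get("Target"))
            elif name.startswith("word/") and name.endswith(".xml"):
                # Visible text lives in <w:t> runs; scanning only those avoids
                # matching the schema namespace URLs that every part declares.
                root = ET.fromstring(z.read(name))
                text = "".join(t.text or "" for t in root.iter() if t.tag.endswith("}t"))
                found.update(URL_RE.findall(text))
    return sorted(found)


if __name__ == "__main__":
    for url in extract_urls(build_sample_docx()):
        print(url)
```

The hyperlink target in the sample is itself a redirect-style URL wrapping a second host, which is why the two techniques in this report compound: a link-reputation check on the outer domain and a text-only scan of the document both come back clean.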
Additionally, there is a significant shift in data exfiltration tactics, with increased use of the .ru (Russia) and .su (Soviet Union) top-level domains (TLDs), whose usage rose more than four-fold and twelve-fold respectively. This indicates that cybercriminals are turning to less common, geographically associated domains to evade detection and make it harder for victims and security teams to track data theft activity.