Cybercriminals use a variety of methods for initial access to victims’ networks and tactics are constantly changing. Ransomware groups are increasingly targeting boundary devices such as routers, firewalls, and the virtual private networks that sit between the Internet and business networks, with the first quarter of this year seeing a decline in attacks exploiting vulnerabilities for initial access. According to the ransomware remediation firm Coveware, remote access is now favored by ransomware groups. In Q1, 2024, Remote Desktop Protocol (RDP) compromise was the most commonly identified initial attack vector.
Phishing is still commonly used for initial access, although there has been a fall in phishing-based attacks by ransomware groups; however, it is common for ransomware groups to chain email phishing with RDP compromise and the exploitation of software vulnerabilities for more impactful attacks. What is clear from the data is threat actors are conducting more sophisticated attacks and are taking steps to cover their tracks. Coveware reports that the initial access vector was unknown in around 45% of attacks.
While ransomware groups may be concentrating on non-email attack vectors, phishing attempts by cybercriminals have increased significantly over the past year. A new analysis by researchers at the antivirus company Kaspersky found that phishing attempts increased by 40% in 2023, with threat actors increasingly using messaging apps such as Telegram in their attacks as well as social media networks.
Phishing is also becoming more sophisticated and increasingly personalized. There is growing evidence that threat actors are using generative artificial intelligence engines to craft new lures to use in their campaigns, especially spear phishing attacks. The near-perfect messages that GenAI creates can make it difficult for end users to distinguish phishing emails from genuine communications.
The problem for many businesses is threat actors are constantly evolving their tactics and are conducting increasingly sophisticated campaigns, yet email security defenses are not maintaining pace. Many Microsoft 365 users find that while Microsoft Defender and EOP block a good percentage of spam emails and many phishing threats, more sophisticated threats are not detected. Having a cybersecurity solution such as PhishTitan augments Microsoft 365 defenses and ensures sophisticated threats are blocked. For every 80,000 emails received, PhishTitan catches 20 unique and sophisticated phishing attacks that Microsoft’s expensive E5 premium security misses.
PhishTitan helps with post-delivery remediation, allowing security teams to rapidly remove phishing threats from the email system when a threat is reported, adds a banner to emails warning users about suspicious messages, and rewrites URLs to show the true destination to combat spoofing. The solution also includes time-of-click protection to combat phishing links that are weaponized after delivery, and AI- & LLM-driven anti-phishing analysis to identify previously unseen phishing threats.
The use of malware in email campaigns is also increasing. In 2023, 6.06 billion malware attacks were identified worldwide, up 10% from the previous year, with loaders, information stealers, and remote access trojans (RATs) the most common malware threats. While signature-based detection mechanisms once served businesses well, the rate at which new malware variants are released means many threats are not detected as malware signatures have yet to be uploaded to antivirus defenses. The key to blocking these zero-day threats is email sandboxing.
An email sandbox is an isolated environment where messages that meet certain criteria are sent after scans by antivirus engines have shown the messages to be free from malware. In the sandbox, messages are subjected to deep inspection to identify malware from its behavior rather than signature. Many malware variants have been developed to resist analysis or pass sandbox checks, such as delaying malicious actions for a set period. A slight disadvantage of email sandboxing is a small delay in email delivery, but it is important to ensure that messages are analyzed in detail and anti-sandboxing capabilities are defeated. There are, however, ways to get sandbox protection while minimizing the impact on the business.
Whether you are looking for a gateway spam filter or a hosted spam filter to improve protection against email threats or advanced phishing protection, TitanHQ can help. Give the team a call today for detailed information on TitanHQ products and advice on the most effective solutions to meet the needs of your business. You can take advantage of the free trials of TitanHQ products, which are provided with full support to help you get the most out of the trial.