Thursday, 6 November 2025

Hackers exploit Russian domains for phishing attacks

Hackers are bypassing email security by exploiting Russian domains and advanced phishing tactics, including RATs and malicious Office documents.

Recent research has revealed a concerning rise in phishing attacks as hackers adapt their methods to bypass advanced email security systems. The latest data shows a significant increase in the volume and complexity of malicious emails that evade Secure Email Gateways (SEGs) from vendors like Microsoft and Proofpoint. These findings come from Cofense Intelligence’s third-quarter Trends Report, which highlights a notable surge in cyber threats.

At least one malicious email slips through SEGs every 45 seconds, an alarming increase from last year’s rate of one every 57 seconds. This trend underscores the growing sophistication of phishing campaigns targeting unsuspecting users and organisations.

Remote Access Trojans (RATs) on the rise

One of the key findings in the report is the sharp increase in Remote Access Trojan (RAT) usage. RATs are a powerful tool for cybercriminals, enabling them to take control of victims’ systems remotely. Once inside, attackers can steal sensitive data, install additional malware, and maintain persistent access to compromised networks.

A significant player in this rise is the Remcos RAT, a widely used tool that grants attackers complete control over infected devices. With the ability to exfiltrate data and deploy further exploits, Remcos RAT is a favourite among hackers.

Additionally, open redirects have become a popular technique in phishing campaigns, with a staggering 627% increase in their use. Open redirects exploit legitimate websites by redirecting users to malicious URLs, often disguised behind trusted domains. Popular platforms like TikTok and Google AMP are frequently abused in such attacks due to their high traffic and widespread user base.
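For defenders triaging reported links, the following added example (not from the Cofense report or this article) flags URLs whose query string carries an absolute URL for an unrelated site, which is the shape an open redirect takes. The sample links use constructed `.example` hostnames, and the two-label site comparison is a simplifying assumption.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

def host_of(url):
    """Lower-cased hostname of an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url)
        if parts.scheme in ("http", "https") and parts.hostname:
            return parts.hostname.lower()
    except ValueError:  # malformed input such as a broken IPv6 literal
        pass
    return None

def site_of(host):
    # Assumption: the last two labels approximate the registrable domain.
    # A public-suffix list is more accurate for names like example.co.uk.
    return ".".join(host.split(".")[-2:])

def embedded_redirect_targets(url):
    """Return (parameter, destination_host) pairs where a link on one site
    carries an absolute URL pointing at a different site."""
    outer = host_of(url)
    if outer is None:
        return []
    findings = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding.
        for candidate in (value, unquote(value)):
            if candidate.startswith("//"):  # protocol-relative destination
                candidate = "https:" + candidate
            inner = host_of(candidate)
            if inner and site_of(inner) != site_of(outer):
                findings.append((name, inner))
                break
    return findings

# Constructed sample links, not taken from any real campaign.
SAMPLE_LINKS = [
    "https://www.trusted.example/out?target=https%3A%2F%2Flogin.attacker.example%2Fverify",
    "https://www.trusted.example/link?u=https%253A%252F%252Fevil.example%252Fa",
    "https://www.trusted.example/login?next=https%3A%2F%2Faccount.trusted.example%2Fhome",
    "https://www.trusted.example/login?next=/home",
]

def triage(links):
    return {link: embedded_redirect_targets(link) for link in links}

if __name__ == "__main__":
    for link, hits in triage(SAMPLE_LINKS).items():
        print("SUSPECT" if hits else "ok     ", link, hits)
```

Redirectors that carry the destination in the URL path rather than a query parameter need a separate rule.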

Malicious Office documents and phishing

The report also highlights a dramatic 600% rise in the use of malicious Microsoft Office documents, particularly those in the .docx format. These files often include phishing links or QR codes that expose victims to harmful websites.

Microsoft Office documents remain a preferred attack vector for cybercriminals due to their prevalent use in professional settings. Spear-phishing campaigns exploit these documents to target businesses, demonstrating the attackers’ strategic focus.
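A .docx file is a ZIP package, so a mail-triage pipeline can list its outbound links and embedded images without opening it in Office. This added example (not from the report or this article) does that with the Python standard library; the sample document is constructed in memory, and the size cap and the `lure.example` hostname are assumptions.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = "http://schemas.openxmlformats.org/package/2006/relationships"
TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
MAX_PART = 5 * 1024 * 1024  # assumption: per-part size cap against zip bombs

def inspect_docx(data):
    """Return (external_links, embedded_images) found in a .docx package."""
    links, images = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for info in pkg.infolist():
            name = info.filename
            if name.startswith("word/media/"):
                images.append(name)  # candidates for QR-code decoding
            if not name.endswith(".rels") or info.file_size > MAX_PART:
                continue
            xml = pkg.read(name)
            if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
                # OPC parts should not carry a DTD; report it, do not parse.
                links.append((name, "rejected-dtd", ""))
                continue
            for rel in ET.fromstring(xml).iter("{%s}Relationship" % NS):
                if rel.get("TargetMode") == "External":
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    links.append((name, kind, rel.get("Target", "")))
    return sorted(links), sorted(images)

def build_sample_docx():
    """Constructed sample: one external hyperlink and one embedded image."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<Relationships xmlns="{NS}">'
        f'<Relationship Id="rId1" Type="{TYPE}styles" Target="styles.xml"/>'
        f'<Relationship Id="rId2" Type="{TYPE}image" Target="media/image1.png"/>'
        f'<Relationship Id="rId3" Type="{TYPE}hyperlink"'
        ' Target="https://portal.lure.example/reset" TargetMode="External"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/document.xml.rels", rels)
        z.writestr("word/media/image1.png", b"\x89PNG constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_docx(build_sample_docx()))
```

The image list only identifies files to pass to a QR decoder; decoding itself needs an imaging library and is outside this example.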

Shift towards Russian domains

Hackers are also turning to less common domain extensions like .ru (Russia) and .su (Soviet Union) for data exfiltration. These top-level domains (TLDs) have seen usage spikes of over fourfold and twelvefold, respectively. Using such domains allows cybercriminals to evade detection, making it harder for victims and security teams to trace stolen data.

These findings suggest a clear shift in attack tactics as cybercriminals refine their methods to stay ahead of security measures. With phishing attacks becoming more complex, organisations must remain vigilant, update their security protocols, and educate users about the evolving threats.
