Q1 Email Threats Soar 800% in a Year


The volume of malicious emails soared at the beginning of the year, with Locky ransomware and the Dridex banking trojan accounting for the vast majority of document attachment-based attacks in Q1, according to Proofpoint.

The security vendor’s Quarterly Threat Summary for the first three months of 2016 revealed a 66% increase in emails containing malicious URLs and attachments over the previous quarter. When compared to the same period a year ago, the increase was a staggering 800%.

Of the emails containing malicious document attachments, Locky accounted for 24% and Dridex 74%, leading Proofpoint to warn that organizations need “scalable, automated” defenses in place to block threats before they have a chance to infect networks.

Locky, along with other malware families like TeslaCrypt and Andromeda, has been spotted recently using new obfuscation techniques designed to help it evade security filters and improve its infection rate.

Another key trend for Q1 was the increasing prevalence of so-called business email compromise (BEC) campaigns.

Also known to some as “whaling,” these attacks usually involve a cybercriminal posing as a CEO or CFO and tricking a senior finance employee into transferring funds out of the company.

Proofpoint claimed that 75% of such attacks in the period relied on “reply-to” sender spoofing: the From header shows a trusted executive’s name or address, while a Reply-To header quietly routes any response to a mailbox the attacker controls, so the message looks authentic and the conversation still reaches the criminal.

“Technical defenses (such as enhanced email firewall rules) and user training can greatly reduce the risk from these threats,” the report noted.

“Even so, attackers are improving their effectiveness faster than people can be trained to look for new threats. As a result, automated advanced email threat defenses are essential to staying ahead of this high-yield threat.”
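As an added illustration of the “reply-to” spoofing described above and of the kind of header-level rule the report refers to as an “enhanced email firewall rule”, the following Python script (example code written for this page, not Proofpoint’s or Infosecurity Magazine’s) parses raw message headers and flags the mismatches a BEC lure typically relies on. The organisation domain example.com, the executive list and the four sample messages are all assumed or constructed for the example.

```python
"""Header checks for BEC-style Reply-To and display-name spoofing.

Added example; not Proofpoint's code. The organisation domain, the
executive list and the sample messages below are all constructed.
"""
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                          # assumed internal domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}   # assumed CEO entry


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address, '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyze_headers(raw: str) -> list[str]:
    """Return a list of findings for one RFC 5322 message (empty = clean)."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    findings = []

    from_dom = _domain(from_addr)

    # 1. Reply-To points outside the apparent sender's domain: the recipient
    #    sees a familiar From, but every reply lands in the attacker's mailbox.
    if reply_addr and _domain(reply_addr) != from_dom:
        findings.append(f"reply-to domain mismatch: {from_addr} -> {reply_addr}")

    # 2. A known executive's display name on an address that is not theirs
    #    (the "CEO writing from a webmail account" lure).
    name = from_name.strip().lower()
    if name in EXECUTIVES and from_addr.lower() != EXECUTIVES[name]:
        findings.append(f"display-name impersonation: '{from_name}' <{from_addr}>")

    # 3. Header From claims the org domain but the envelope sender does not.
    #    Weaker signal on its own (mailing lists and bulk senders do this too),
    #    so it is reported separately rather than treated as conclusive.
    if from_dom == ORG_DOMAIN and return_path and _domain(return_path) != ORG_DOMAIN:
        findings.append(f"envelope/header mismatch: Return-Path {return_path}")

    return findings


# Constructed sample messages (not real traffic).
BEC_REPLY_TO = """\
From: "Jane Doe" <jane.doe@example.com>
Reply-To: "Jane Doe" <jane.doe.ceo@mail-example.net>
To: finance@example.com
Subject: Urgent wire transfer

Please process the attached invoice today.
"""

LOOKALIKE_SENDER = """\
From: "Jane Doe" <jane.doe@webmail.test>
To: finance@example.com
Subject: Quick favour

Are you at your desk?
"""

ENVELOPE_MISMATCH = """\
Return-Path: <bounce@bulk-sender.test>
From: "Jane Doe" <jane.doe@example.com>
To: finance@example.com
Subject: Revised payment details

See below.
"""

CLEAN = """\
From: "Jane Doe" <jane.doe@example.com>
To: finance@example.com
Subject: Board pack

Attached as discussed.
"""

if __name__ == "__main__":
    for label, sample in [("reply-to", BEC_REPLY_TO), ("lookalike", LOOKALIKE_SENDER),
                          ("envelope", ENVELOPE_MISMATCH), ("clean", CLEAN)]:
        print(label, analyze_headers(sample) or "no findings")
```

Each check is deliberately a cheap, deterministic header comparison: it runs before any content scanning, needs no reputation feed, and the first two conditions have very few legitimate causes, which is what makes them suitable as hard rules in a gateway. The envelope check is best used to raise a score or quarantine for review rather than to block outright.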

Elsewhere, Java and Flash Player vulnerabilities continued to be favored within exploit kits, with Angler EK accounting for 60% of total EK traffic.

However, other exploit kits showed signs of growth, with Neutrino up 86% and RIG up 136%, and KaiXin and Magnitude EK traffic up over 50% from the previous quarter.
