Malicious URL Emails Soar 600% in Q3

The volume of malicious emails blocked in Q3 climbed by 85% versus the previous three months, with ransomware by far the most common threat, according to new data from Proofpoint.

The firm’s Quarterly Threat Report is the result of daily analysis of over one billion emails, hundreds of millions of social media posts, and over 150 million malware samples.

It found the volume of emails featuring malicious URLs, as opposed to attachments, has exploded over the past quarter, increasing 600% from Q2 and a staggering 2,200% from Q3 2016.

This represents the highest proportion of malicious URL emails in over two years, according to the vendor.

Ransomware remained the number one threat category, accounting for nearly two-thirds (64%) of all email attempts, with Locky alone comprising almost 55% of total message volumes and more than 86% of all ransomware.

Banking Trojans came next, with a 24% share. A strain dubbed “The Trick” accounted for 70% of the total, eclipsing Dridex.

Email fraud rose 12% in frequency per targeted organization from the previous quarter and 32% from last year.

The use of exploit kits remained much lower than its 2016 peak, with the RIG EK accounting for 76% of all activity.

Proofpoint claimed attackers are layering social engineering into their exploit kit campaigns, suggesting they are looking beyond exploits as they get harder to find and obtain.

On the web front, suspicious domain registrations outnumbered defensive registrations by 20 to 1, while in social media, fraudulent “angler” accounts doubled from a year ago.

Angler phishing is a relatively new tactic that first came to light last year. Cybercriminals register fake Twitter accounts masquerading as customer support accounts, monitor the real support accounts for irate customers, and then jump in to send those customers messages loaded with malicious links.
