Cofense - Security Awareness Training & Email Threat Detection

Hot Off the Press: Cofense Q4 2019 Malware Trends Report

Share This Article

By Alan Rainer

The fourth quarter of 2019 showed a strong start but a dull finish, as the world eased into the holiday season. Although the end of Q3 2019 saw a resurgence in Emotet, Q4 witnessed a higher degree of phishing from the Trojan and its botnet. Read all about it, alongside other malware trends and campaigns, in the Cofense Intelligence Q4 2019 Malware Trends Report.

Continuing from Q3, Emotet picked up momentum in distributing malicious emails. From email reply chain compromises to crafty phishing templates with macro-laden documents, user inboxes found no solace. Emotet delivered financial invoices, “invites” to a Christmas party, and other phish baits to trick recipients into infecting their systems. Other malware families were not as prolific, decreasing in volume as the quarter went on.

The new year, however, is likely to hold greater wickedness. On the malware front, Windows 7’s End of Life will probably lead to the creation of new malware and look for targeted ransomware to continue growing. 2020’s election season may bring about more phishing, while geopolitical events can result in more cyber threats. And to round it off, Emotet will keep on churning.

Figure 1: Varenyky Spambot Phishing Email Sample

Our Q4 report outlines key trends, statistics, breakdowns of specific campaigns, and insights on what to expect in Q1 2020 and beyond, all of which you can use to defend your organization. Cofense Intelligence provides phishing campaign updates throughout the year, which includes comprehensive threat reports and bi-weekly trend digests.

View the Q4 2019 Malware Trends Report at:

All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks. Any observations contained in this blog regarding circumvention of end point protections are based on observations at a point in time based on a specific set of system configurations. Subsequent updates or different configurations may be effective at stopping these or similar threats.


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.