By: Brad Haas, Cofense Intelligence
Cofense Intelligence™ has released the Q3 2020 Phishing Review. This report highlights key phishing trends uncovered by Cofense Intelligence analysts who spend every day studying current phishing campaigns and producing actionable phishing intelligence so that our customers can better defend themselves. This intelligence keeps our customers proactively defended against emerging phishing tactics, techniques and procedures (TTPs). Our analysts focus on campaigns that reach enterprise user inboxes, and report on the TTPs designed to evade secure email gateways (SEGs) and other network defense technology.
In this quarterly report, you will read about this summer’s unusual phishing activity, and why we assess that overall phishing volume was higher in the third quarter of this year as compared to years past. Contributing to such high volume: Emotet, which returned after months of inactivity, bringing new campaigns and adjusted tactics. This, paired with a continued surge in Agent Tesla Keylogger, contributed to a very active summer phishing season.
This report reviews the most prevalent malware delivered via phishing in the last quarter, highlighting malware that had become relatively dormant in phishing but returned in recent months. Moreover, we dig into malware families new to the phishing landscape and explore the increase in Remote Access Trojan (RAT) and ransomware phenotypes.
Of course, all malware requires a delivery mechanism, and we consistently track the most common malware delivery mechanisms used in phishing campaigns. Here, we dig into which filename extensions of malicious attachments most frequently reached end users in the last quarter, and which extensions are most commonly associated with the targeting of particular industries.
Figure 1: A COVID-19-themed phishing email.
Finally, though COVID-19-themed campaigns have greatly declined since peaking in Q2, they continue to reach end users. Read this report to see how pandemic-themed phishing has evolved, and to learn about the threat activity we expect in Q4 and the new year.