By: Brad Haas, Cofense Intelligence 

Cofense Intelligence™ has released the Q3 2020 Phishing Review. This report highlights key phishing trends uncovered by Cofense Intelligence analysts who spend every day studying current phishing campaigns and producing actionable phishing intelligence so that our customers can better defend themselves. This intelligence keeps our customers proactively defended against emerging phishing tactics, techniques and procedures (TTPs). Our analysts focus on campaigns that reach enterprise user inboxes, and report on the TTPs designed to evade secure email gateways (SEGs) and other network defense technology.

Report Highlights 

In this quarterly report, you will read about this summer’s unusual phishing activity, and why we assess that overall phishing volume was higher in the third quarter of this year as compared to years past. Contributing to such high volume: Emotet, which returned after months of inactivity, bringing new campaigns and adjusted tactics. This, paired with a continued surge in Agent Tesla Keylogger, contributed to a very active summer phishing season.

This report reviews the most prevalent malware delivered via phishing in the last quarter, highlighting returning malware that had become relatively dormant in phishing but returned in recent months. Moreover, we dig into malware families new to the phishing landscape and explore the increase in Remote Access Trojan (RAT) and ransomware phenotypes.

Of course, every malware requires a delivery mechanism, and we consistently track the most common malware delivery mechanisms used in phishing campaigns. Here, we dig into which filename extensions of malicious attachments most frequently reached end users in the last quarter and which extensions are most commonly associated with the targeting of particular industries.

Figure 1: A COVID-19-themed phishing email.  

Finally, though COVID-19 themed campaigns have greatly declined since peaking in Q2, they continue to reach end users. Read this report to see how pandemic-themed phishing has evolved, and to learn about the threat activity we expect in Q4 and the new year.  

All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks. Any observations contained in this blog regarding circumvention of end point protections are based on observations at a point in time based on a specific set of system configurations. Subsequent updates or different configurations may be effective at stopping these or similar threats. 
 
The Cofense® and PhishMe® names and logos, as well as any other Cofense product or service names or logos displayed on this blog are registered trademarks or trademarks of Cofense Inc.