Based on a report from VIPRE, the use of malicious links in phishing emails reached 85%, and there was a 30% increase in spam emails from the first quarter to the second quarter of 2023.
In the second quarter, information technology organizations became the primary target for phishing attacks, surpassing financial institutions (9%), as per VIPRE’s latest quarterly report.
New macro-less malspam email campaign
- Fake content was found in 58% of malicious emails.”
- “In the second quarter, 67% of spam emails originated from the United States.”
- “Qakbot claimed the top spot among malware families in the second quarter of 2023.”
“During its analysis, VIPRE also came across a novel malspam email campaign devoid of macros, which included a spoofed “.docx” file. Within this campaign, a malicious external resource page was embedded, and it would be triggered upon the victim’s opening of the file.”
A new malspam campaign has surfaced, leveraging the CVE-2022-30190, also known as “Follina,” vulnerability. This vulnerability allows for remote code execution (RCE) by exploiting the Microsoft Support Diagnostic Tool (MSDT).
In Q2 2023, VIPRE detected that approximately 58,130% (around 230 million) out of the nearly 42 million malicious emails employed malicious content.
Similarly, about 95.7% (roughly 90,000 million) of these emails contained malicious links. Notably, VIPRE identified behavioral tracking in 5 million of these malicious attachments.
In Q2 2023, malicious content is on the rise, driven by the growing prevalence of security awareness programs. Users are now less likely to open suspicious links or attachments. Cybercriminals increasingly rely on malicious content to deceive victims into taking actions like making payments or approvals, making their schemes harder to detect.