Research focuses on email security

Analysis of over 7 billion emails shows clean links are duping users, malicious EML attachments increased 10-fold in Q4, AgentTesla malware family has gained the top spot, and social engineering attacks persistently remain at an all-time high.

  • Wednesday, 14th February 2024 Posted 9 months ago in by Phil Alsop

VIPRE Security Group has released its report titled “Email Security in 2024: An Expert Look at Email-Based Threats”. The 2024 predictions for email security in this report are based on an analysis of over 7 billion emails processed by VIPRE worldwide during 2023. This equates to almost one email for everyone on the planet. Of those, roughly 1 billion (or 15%) were malicious.

This research warns that in 2024, QR code hacks or quishing will increase, use of AI to create content for spam emails including deepfakes will rise; highly personalized social media mining will grow further; and a wide array of file types and formats – especially EML – will be used to propagate phishing and malware attacks. There will also be a marked uptick in state-sponsored attacks.

Key highlights

As network security tools have improved in recent years, the corporate inbox has become an ever more attractive target to attackers. Often protected by nothing more than human nature and an antivirus, cybercriminals continue to use email to launch their most basic and persistent attacks. Now and again, they get a bit creative, which has come to bear in the past twelve months.

Clean links are duping users. When it comes to the method of attack, threat actors this past year favoured links over other delivery methods (like attachments and QR codes) nearly seven to one (71%). The year before, VIPRE saw a 50/50 split, but their popularity is improving as attackers are getting smarter about what kinds of links they leverage. Based on this current trend, the use of such links are expected to increase this year, although not in the ways we might assume.

EML attachments defy detection. While EML attachments were a present threat throughout 2023, they increased tenfold in Q4. The benefit of sending malicious payloads via EML file is that they can get easily overlooked by many basic email security solutions when attached to the actual phishing email (which comes out clean). The malicious directions, hidden in plaintext within the body of the EML, may then encourage users to navigate to a link, call a phone number, or otherwise engage in a scam. Partly because of the novelty of EML use, curious users are prone to open, follow, and fall prey.

Browsers under attack. Q4’s top malware family, AgentTesla, infiltrates a target machine and harvests sensitive data off any number of qualifying browsers. This shows that attackers are launching malware merely for reconnaissance now, as valuable artifacts like username, computer name, operating system, CPU name, RAM, and IP address may fetch more on the Dark Web than they could garner in a one-off attack.

Malware skyrockets – still not top spot. Email-delivered malware remains a favorite, increasing by 276% between January and December of last year. However, despite the boost, it accounted for only 5% of malspam overall, trailing commercial spam (“Deal Ends Now!”), general scams, and phishing. Perhaps threat actors have found that it’s easier to trick end users than security solutions, which do manage to snag malware despite falling behind in emerging tactics like social engineering attacks. Consequently, numbers are low. The real weak link remains humans, as the prevalence of social engineering attacks will attest; of all spam emails, 35% were scams, and 22% were phishing attempts.



Targeted verticals. Financial services (22%) was the most targeted sector by phishing and malspam emails, followed by information technology (14%), healthcare (14%), education (10%), and government (8%). Information technology experienced a 59% increase in attacks between Q1 and Q4, whilst attacks on government inboxes went up by a staggering 16,000%.

“When you take a look at the kinds of [email] threats we’re seeing today, a lot of them are preventable. It just takes the right tools, but most companies don’t know they exist because email doesn’t always get the same kind of security attention as the rest of the network. Unfortunately, threat actors know this,” said Usman Choudhary, General Manager, VIPRE Security Group. 

The promise of AI is on every biopharma’s radar, but the reality today is that much of the industry is grappling with how to convert the hype into...
IT teams urged to resolve ‘data delays’ as UK executives struggle to access and use relevant business data.

‘Playtime is over’ for GenAI

Posted 4 days ago by Phil Alsop
NTT DATA research shows organizations shifting from experiments to investments that drive performance.

GenAI not production-ready?

Posted 4 days ago by Phil Alsop
Architectural challenges are holding UK organisations back - with just 24% citing having sufficient governance to implement GenAI.

AI tops decision-makers' priorities

Posted 4 days ago by Phil Alsop
Skillsoft has released its 2024 IT Skills and Salary Report. Based on insights from more than 5,100 global IT decision-makers and professionals, the...

The state of cloud ransomware in 2024

Posted 4 days ago by Phil Alsop
Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security realm.
Talent and training partner, mthree, which supports major global tech, banking, and business clients to build job-ready teams, has revealed the...

AI innovation is powering the Net Zero transition

Posted 4 days ago by Phil Alsop
Whilst overall AI patent filings have slowed, green AI patent publications grew 35% in 2023.