Small and medium-sized businesses should be especially wary of cyberattacks using phishing and other forms of email (opens in a new tab) as their number has exploded over the past year, experts have warned.
A Cofense report analyzed data received from 35 million people around the world and found that there was a 569% increase in phishing attacks through 2022.
Reports related to credential phishing also increased by 478% last year.
Emotet and Quakbot
When scammers aren't looking for login credentials and other identity data, they try to distribute ransomware and other forms of malware.
Emotet and QuakBot remain the two most widely distributed malware families, the researchers said, adding that the number of malware attacks increased by 44% year-over-year. Emotet is particularly impressive, they say, because even after months of inactivity, this botnet has managed to outperform all other malware delivery campaigns with relative ease.
For Tonia Dudley, vice president and director of information security at Cofense, these threats have increased in frequency, intensity and sophistication, which justifies a rapid response from IT teams. "Increased attacks on nation states and major incidents in general continue to put pressure on increased visibility of an organization's security program to boards of directors, business leaders and cyber insurers," Dudley said. "With this pressure, organizations must continue to evaluate ways to mitigate risk and assess what email security controls need to be added or enhanced to improve their overall security posture."
Cofense also says organizations should be on the lookout for business email compromise (BEC) attacks, as this type continues to be "one of the top cybercrimes" for the eighth consecutive year.
Finally, Web3 technologies used in phishing campaigns more than tripled (341%), while the number of Telegram bots used as exfiltration targets increased eightfold (800%).