Cofense Intelligence, in its latest quarterly analysis of malware and credential phishing emails, revealed a notable surge in phishing threats during Q2 2023. Despite an overall decrease in malicious email activity as prominent malware operators scaled back or paused their campaigns, the quarter saw significant new phishing threats emerging.
The key highlights for Q2 2023 include a 10% increase in credential phishing indicators of compromise compared to Q1, representing a striking 85% increase from the same quarter in the previous year. Particularly noteworthy was a massive credential phishing campaign exploiting the legitimate mailing software, Supermailer, which rose an impressive 87% during the quarter.
Another concerning trend observed by Cofense Intelligence was the 25% increase in the use of compromised domains to deliver malware through embedded URLs. The NetSupport Manager Remote Access Trojan (RAT) re-emerged and experienced an 82% increase in activity during Q2. Additionally, the malware delivery mechanism, JSDropper, impressively rose by 240%.
PDF documents were the attachment type most favored by threat actors, accounting for 42.4% of all malicious file attachments. Furthermore, over half (51%) of malware-delivery URLs embedded in malicious emails abused compromised legitimate domains.
The report highlighted that Agent Tesla remained a persistent threat, consistently maintaining high volume throughout the quarter. Other malware families, such as FormBook and Remcos RAT, experienced fluctuations in activity from month to month. Notably, the Emotet botnet was absent during Q2, causing the Loader malware type to drop to the fifth most common.
While keyloggers and information stealers remained relatively consistent with Q1 2023, RATs exhibited significant diversity, with NetSupport Manager, Remcos, STR RAT, and WSH RAT dominating the field.
Overall, the quarter witnessed a slowdown in malicious email activity, particularly in keyloggers and information stealers. However, RATs experienced an 82% increase from Q1 to Q2, and bankers also saw a slight uptick of 9%.
Cofense Intelligence urges enterprises to remain vigilant against evolving phishing threats and take proactive measures to safeguard their systems from potential breaches and data compromises.