Cofense, the leading provider of solutions for detecting and responding to phishing attacks, has made public its 2023 Annual State of Email Security Report. which highlights the growing threats that continuously bypass standard email security solutions. The report revealed a significant surge in malicious phishing emails, which rose by 569% in 2022, as well as a 478% increase in threat reports related to credential phishing.

By leveraging both artificial intelligence and machine learning in conjunction with a global network of over 35 million individuals, Cofense has access to a dynamic and vast dataset of advanced threat intelligence. This allows for unparalleled visibility into emails that slip past standard email gateways (SEGs) and directly target users' inboxes, highlighted by a 99.996% accuracy rate on phishing threat analysis over the last year.

The top 5 trends in the email security landscape for 2022 include:

• Credential phishing is the top attack vector with a 478% increase in malicious emails identified.
• Emotet & QakBot remain the top malware families.
• Business email compromise (BEC) continues to be one of the top cybercrimes for the eighth year in a row.
• Web3 technologies used in phishing campaigns increased by 341%.
• Telegram bots as exfiltration destinations increased by 800%.

Top Malware Families to Watch:

The Cofense team noted a 44% surge in malware attacks in 2022 compared to the previous year. The report emphasizes the top five malware families responsible for the majority of phishing campaigns distributed in 2022.

The five most prevalent malware families of 2022 identified in the report are Emotet, Qakbot, Formbook, Agent Tesla, and Snake. Most notably, the continued position of Emotet at the top of the list is a testament to its ability to out scale all other malware-delivery campaigns, even after months of inactivity. This underscores its ability to outpace all other malware delivery campaigns. Furthermore, Qakbot has continued to develop advanced defensive mechanisms to evade malware analysis, and the phishing emails that distribute this malware continue to successfully infiltrate users' inboxes.

The Need to Guard Against Phishing in Saudi Arabia:

Phishing, spoofing, and business email compromise (BEC), along with other social engineering attacks, are becoming more frequent and sophisticated. These malicious activities can be customized based on human behavior, making it increasingly difficult for organizations in Saudi Arabia, even with network security measures in place, to detect and protect against them.

Attackers often exploit human error, rather than software or operating system vulnerabilities, as they recognize that users are more likely to trust a message that appears to come from a legitimate source. This can result in the compromise of confidential information, unauthorized access to organizational finances, and technical attacks on a company's network. It is worth noting that most cyber-attacks are initiated through successful phishing emails, making it critical for organizations to take steps to educate their employees and implement strong security measures to defend against these threats.

The first step towards mitigating the risk of a successful cyber-attack is to conduct a series of automated, real-life phishing simulations customized for your organization. This allows your employees to safely experience what an attack might look and feel like, and to receive related security training aimed at increasing their understanding of the wider threat landscape. By providing training on how to report and enforce best practices, organizations can ultimately reduce the risk of a successful attack or breach.

Cofense PhishMe stands out as the best phishing simulation solution due to its ability to change risky behavior and empower employees to recognize and report phishing emails. The Cofense methodology delivers real-world examples and content focused on current threats, such as ransomware, business email compromise, and spear phishing attacks. Unlike phish testing, which only assesses vulnerability, Cofense PhishMe conditions smarter user behavior through continual learning and phishing awareness training.

It is crucial to provide appropriate awareness training to ensure that staff members are fully equipped to detect and report phishing emails immediately. This allows internal security teams to prioritize, analyze, and take action on potential threats swiftly.

Are you interested in trying out PhishMe? Contact Ctelecoms today to learn more!

Related blogs:

- https://www.ctelecoms.com.sa/en/Blog340/You-Think-Phishing-Awareness-Training-Is-Not-important-Think-Again!

- https://www.ctelecoms.com.sa/en/Blog452/Phishing-is-becoming-increasingly-common-and-more-sophisticated.

- https://www.ctelecoms.com.sa/en/Blog482/How-can-you-create-a-human-firewall-as-a-defense-against-phishing