Cofense Annual Email Security Report 2024

Keypoints

• Annual cybersecurity reports typically consist of sections such as an introduction, numerical data on threat trends, detailed analysis of attack techniques, and future threat predictions, providing a comprehensive overview of the current cybersecurity landscape.
• In 2024, reports consistently reveal a more than 100% increase in malicious emails bypassing secure email gateways (SEGs), with Cofense detecting a malicious email every minute, underscoring the effectiveness of threat actors’ evasive tactics.
• Credential phishing remains the dominant threat, responsible for 91% of active threat reports, with a 67% increase from the previous year, utilizing techniques like vishing, smishing, and QR code phishing, which have seen a 331% rise in activity.
• Phishing campaigns are adopting new methods such as Google AMP URLs to evade detection, while threat actors increasingly use brand impersonation and vishing to manipulate victims and bypass traditional security controls.
• Emerging malware families including DarkGate, PikaBot, Emotet/Geodo, Agent Tesla, FormBook, and Snake Keylogger illustrate the evolving malware landscape, with new campaigns replicating tactics from previously dismantled infrastructures like Qakbot.
• Reports highlight the exploitation of social engineering tactics and advanced malware delivery chains, emphasizing the necessity for comprehensive security strategies combining user training with advanced detection tools to counteract these evolving threats.