Proofpoint research for Q2 2019 suggests that 85% of Malicious Email Spam (MalSpam) contained a link to download a malicious file rather than any old school file attachment.
Proofpoint also suggests that phishing has increased to 83% from 76% in 2018. The Q2 number continues a Q1 trend, where malicious URLs also dominated as the favorite way of distributing malware via email spam. Ransomware attacks have been in an all-time low this Quarter.
Some Findings From Proofpoint

- 57% of all malspam uses domain spoofing.
- Botnet-based malware was the most popular malware payload sent via malspam campaigns, accounting for 37% of all emails.
- Botnet malware was followed by banking trojans (23%), info stealers (16%), malware loaders (8%), remote access trojans (6%), and backdoor trojans (5%).
- As in recent quarters, ransomware was virtually absent in Q2.
- Ursnif accounted for 80% of all banking trojan payloads sent via email. It was followed by URLZone, The Trick, and Dridex.
- The ranking for info stealer had Pony in front, followed by AZORult, Loki Bot, and Formbook.

“Email is the top cyberattack vector, and today’s cybercriminals are persistently targeting high-value individuals who have privileged access or handle sensitive data within an organization,” says Proofpoint General Manager of Security Awareness Training Joe Ferrara in a statement released by the company.
This method of phishing is still successful as users are conditioned to avoid suspicious attachments than a suspicious link. URL’s are on the rise as it’s daily used in promotional emails or notifications.
An attacker might disguise an attack by releasing it as a promotion and ultimately making the victim download a file that might compromise the network or the device that is targetted by the attacker.
Research by Proofpoint suggested that 99% of the email-based cyberattacks require human interaction i.e open a file that has been a modified for malicious purposes or even a link that is unsafe.
These sort of attacks can be stopped with basic training on Internet safety and education on how these phishing acts work on a basic level.