Spam Mail Contains Malicious URLs Instead of File Attachments

Proofpoint research for Q2 2019 suggests that 85% of malicious email spam (malspam) contained a link to download a malicious file rather than an old-school file attachment.

Proofpoint also suggests that phishing has increased to 83% from 76% in 2018. The Q2 number continues a Q1 trend, where malicious URLs also dominated as the favorite way of distributing malware via email spam. Ransomware attacks have been at an all-time low this quarter.

Some Findings From Proofpoint

Proofpoint Graph on Malspam
  1. 57% of all malspam uses domain spoofing.
  2. Botnet-based malware was the most popular malware payload sent via malspam campaigns, accounting for 37% of all emails.
  3. Botnet malware was followed by banking trojans (23%), info stealers (16%), malware loaders (8%), remote access trojans (6%), and backdoor trojans (5%).
  4. As in recent quarters, ransomware was virtually absent in Q2.
  5. Ursnif accounted for 80% of all banking trojan payloads sent via email. It was followed by URLZone, The Trick, and Dridex.
  6. The ranking for info stealer had Pony in front, followed by AZORult, Loki Bot, and Formbook.
Q2 Threat Assessment

“Email is the top cyberattack vector, and today’s cybercriminals are persistently targeting high-value individuals who have privileged access or handle sensitive data within an organization,” says Proofpoint General Manager of Security Awareness Training Joe Ferrara in a statement released by the company.

This method of phishing is still successful because users are conditioned to avoid suspicious attachments more than suspicious links. URLs are on the rise because they are used daily in promotional emails or notifications.

An attacker might disguise an attack as a promotion, ultimately getting the victim to download a file that might compromise the network or the device that the attacker is targeting.

Research by Proofpoint suggested that 99% of email-based cyberattacks require human interaction, i.e. opening a file that has been modified for malicious purposes or even following a link that is unsafe.

These sorts of attacks can be stopped with basic training on Internet safety and education on how these phishing attacks work at a basic level.
