F.A.C.C.T. analyzed malicious mailings in the second quarter of 2024.
F.A.C.C.T. conducted a study of malicious mailings for the second quarter of 2024. The analysis revealed a number of significant changes and trends that companies and users should pay attention to in order to protect themselves from cyber threats.
Thursday has become a new "hunting day" for cybercriminals. It was on this day of the week that the largest number of phishing emails was recorded - 22.5% of the total number for the week. The smallest number of such emails occurred on Sunday.
It is interesting to note that criminals are increasingly using free public email domains for their mailings. More than 96.5% of emails with malicious content are now sent from separate domains. This approach significantly increases the chances of building trust in a potential victim.
Attackers are actively adapting their methods to suit the Russian audience. If in 2023 only 6% of phishing emails were related to Russia and the CIS countries, in 2024 this figure more than doubled to 13%. Criminals are increasingly using Russian and other languages of the CIS countries, as well as adapting their "legends" to local realities.
An interesting trend is observed in the use of email services. The share of Gmail in phishing mailings decreased from 80.4% to 49.5%, while Russian services showed rapid growth - from 13.1% to 35.3%.
In mass phishing mailings, cybercriminals used attachments to deliver malware to end devices: their share was more than 97%. The share of emails with malicious links increased from 1.6% to 2.7%. Often, when a link is used to download malware, attackers try to determine who is following the link in order to prevent detection by security tools. To do this, attackers can use a variety of techniques, for example an additional link in the form of a web page with a CAPTCHA test: only after passing it is the victim sent the malicious file.
Archives of various formats (.rar, .zip, .7z) still lead the way among malicious attachments, accounting for 81.4% of the total number. In the vast majority of cases, the archives contain executable files in the PE (Portable Executable) format. The share of files related to office services remained almost unchanged at 6.5%.
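As an added example (not part of the F.A.C.C.T. report), a mail-filtering check for the pattern described above: it opens each .zip attachment of a message and reports members whose content starts with a PE header, regardless of their file extension. It covers only .zip using the Python standard library (.rar and .7z need third-party unpackers); the function names and the sample message are constructed for illustration.

```python
import io
import struct
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

HEADER_BYTES = 4096  # enough for the DOS stub; also bounds decompression work

def looks_like_pe(head):
    """True if the bytes start with an MZ stub whose e_lfanew points at a PE signature."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
    return head[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def pe_members_in_zip(data):
    """Names of archive members whose content (not extension) is a PE file."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.flag_bits & 0x1:  # encrypted: cannot inspect
                continue
            with zf.open(info) as member:
                if looks_like_pe(member.read(HEADER_BYTES)):
                    hits.append(info.filename)
    return hits

def scan_message(raw):
    """Map each zip attachment's filename to the PE members found inside it."""
    findings = {}
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        hits = pe_members_in_zip(payload) if zipfile.is_zipfile(io.BytesIO(payload)) else []
        if hits:
            findings[part.get_filename() or "(unnamed)"] = hits
    return findings

def build_sample():
    """Constructed message: a zip with a minimal fake PE header named like a PDF."""
    fake_pe = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", fake_pe)
        zf.writestr("readme.txt", "plain text")
    msg = EmailMessage()
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Password-protected members are skipped here because they cannot be inspected without the password; a gateway would normally flag such archives for separate handling.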
Spyware remains the main weapon of cybercriminals. Agent Tesla is the leader, occurring in 56.1% of malicious mailings. It is followed by the CloudEyE downloader (11%) and the FormBookFormgrabber stealer (10.5%). These programs can collect sensitive data, passwords, and other critical information.
Of particular concern is the appearance of the LockBit ransomware in phishing mailings. Usually, such programs are used in the final stages of an attack, when the victim's systems are already compromised. The use of ransomware at the initial stage indicates a new, more aggressive strategy of attackers aimed at causing damage as quickly as possible.
Experts emphasize that phishing emails remain the main vector for compromising corporate systems. Many high-profile incidents involving data leaks or service failures were caused by malicious programs that got in through email.