Vulnerability Management, Email security

Significant increase in credential phishing volumes reported

Share

Significant credential phishing attacks in March prompted first-quarter phishing volumes to spike by 527% over the previous quarter, as well as a 40% increase over the same period last year, SiliconAngle reports. Most used in credential phishing attacks was the Emotet malware, followed by the Agent Tesla keylogger and the FormBook information-stealing malware, with keyloggers having the greatest increase in usage, while Qakbot had the highest success rate, a report from Cofense showed. Meanwhile, attacks exploiting bots in the Telegram messaging app have surged in the previous quarter, with bot usage nearly five times higher than in the last quarter of 2022 and four times higher than in the entirety of 2022. Threat actors have also mostly transitioned to leveraging Microsoft OneNote files, OLE packages, and WSF downloaders to facilitate the delivery of malware, replacing the use of Office macros as the most popular means of malware distribution, according to researchers.