Cybercriminals are embracing new tactics, techniques and procedures to bypass traditional security mechanisms.
Between Dec. 21, 2023, and July 5, 2024, 62 percent of emails bypassed DMARC verification checks. DMARC is an industry protocol designed to protect email domains from unauthorized use. As many as 56 percent of phishing emails bypassed all existing security layers.
The percentages are based on threat analysis within Darktrace’s customer base and were determined by analyzing 17.8 million phishing emails. Darktrace also sees an increase in attacks that use popular, legitimate third-party sites, such as Slack and Dropbox, to blend in with normal network traffic. There is also a spike in covert command and control (C2) mechanisms, such as remote monitoring and management (RMM) tools and proxy services.
MaaS and RaaS dominant
Organizations are at considerable risk from Cybercrime as a Service, with Malware as a Service (MaaS) and Ransomware as a Service (RaaS) making up a significant portion of malicious tools. In these forms of cybercrime, operators develop the crime service, and someone else then purchases the service to carry out the attack. Three ransomware groups dominate: Akira, LockBit and Black Basta. These are all double-extortion groups.
The most common threats during the period were information-stealing malware (29 percent), trojans (15 percent), remote access trojans (12 percent), botnets (6 percent) and loaders (6 percent). The Qilin ransomware stands out as an emerging threat. This ransomware uses sophisticated tactics, such as restarting machines in safe mode to bypass security tools and make it harder for security teams to respond quickly.