Intelligence report: phishing trends.

Cofense has released a report today detailing phishing intelligence trends in Q3 2022. Overall, it was found that malware-delivery activity dropped in July with the disappearance of Emotet, with the volume staying the same after July’s drop.

Most common malware types.

The top five malware types from Q2 were also the top malware types for Q3, with keyloggers and remote access Trojans gaining traction in this quarter. Loaders, keyloggers, information stealers, remote access Trojans, and bankers were, in that order, the top five malware types, with Emotet/Geodo, Agent Tesla, FormBook, Remcos RAT, and QakBot taking prominence as the top malware families of each type.

The impact of Emotet’s disappearance.

Emotet vanished from the phishing landscape in July of this year, which had a major impact on the trends shown in the report. The overall amount of phishing attacks for the quarter was significantly lower in the absence of Emotet, and the delivery mechanism and malware types used by Emotet topped the rankings in the start of the quarter and diminished over time. Emotet, however, still outscaled all other malware-delivery families, despite its short use this quarter. It is possible, due to traffic observed in October by Cofense, that Emotet may be back.

QakBot: a malware family to watch.

QakBot was identified by Cofense as the “malware family to watch” during Q3, and despite low overall volume, there were developments and new tactics, techniques, and procedures (TTPs) that keep QakBot as the main malware family to watch again this quarter. A new tactic of QakBot operators includes hardcoding payloads into malicious HTML attachments, instead of using embedded URLs or redirects.