Darktrace researchers have reported that 17.8 million phishing emails were detected between December 2023 and July 2024.
The new report, published today at Black Hat USA, analyzes cyber-threats faced by businesses in the first half of the year and highlights the ongoing dominance of cybercrime-as-a-service.
According to the new figures, models like malware-as-a-service (MaaS) and ransomware-as-a-service (RaaS) continue to be significant, providing cybercriminals with pre-made malware and phishing templates and lowering the technical entry barrier for attacks.
Information-stealing malware accounted for 29% of early triaged investigations from January to June 2024. Trojans and remote access Trojans (RATs) made up 15% and 12% of the threats respectively, with botnets and loaders also notable in the threat landscape.
New threats, such as the Qilin ransomware, have emerged, employing sophisticated tactics like rebooting infected machines in safe mode to bypass security tools. Ransomware strains like Akira, Lockbit and Black Basta were observed using double extortion methods.
Despite advancements in security, phishing remains a primary concern. Of the 17.8 million phishing emails detected, 62% bypassed DMARC checks and 56% evaded all existing security layers. Attackers are increasingly using legitimate third-party services like Dropbox and Slack to blend in with regular network traffic, making detection more difficult.
Read more on phishing threats: Phishing Attacks Targeting US and European Organizations Double
The report also noted a rise in the exploitation of vulnerabilities in edge infrastructure devices. Targets included Ivanti Connect Secure, JetBrains TeamCity, FortiClient Enterprise Management Server and Palo Alto Networks PAN-OS. These vulnerabilities often serve as starting points for more extensive malicious activities. Between January and June, 40% of the cases investigated involved CVE exploitation.
“The alarming statistics in the latest Darktrace Half Year Threat Report 2024 highlight the need for organizations to adopt a multi-layered approach to email security, incorporating advanced AI-driven anomaly detection and behavioral analysis to complement traditional security measures,” warned Stephen Kowski, field CTO at SlashNext Email Security.
“This holistic strategy can help identify and mitigate sophisticated phishing attacks that evade DMARC and other conventional defenses. By continuously monitoring and adapting to evolving threat patterns, organizations can significantly enhance their email security posture.”