Credential phishing IOCs increased nearly 45% in Q3
CoFense –
During Q3 of 2023, there was a significant increase in credential phishing and malware campaigns.
The volume of credential phishing indicators of compromise (IOCs) rose by 45% compared to Q2 and by 85% from Q3 2022.
QR codes embedded in images and PDFs within phishing emails also increased, likely due to the difficulty of security infrastructure in checking links and embedded content.
PDFs remained the most popular phishing email attachment, accounting for almost 50% of malicious file extensions in email campaigns during the quarter.
Notable findings include the inactivity of Emotet and QakBot, with QakBot remaining silent since Q2 2023 and Emotet since Q1 2023.
This silence could be attributed to the FBI takedown, potentially leading to the emergence of a new botnet to replace QakBot.
Additionally, there was an increase in reconnaissance and utility tool malware, such as Browser Password Dump Utility and Email Password Dump Utility, making them the fifth most prevalent malware type in Q3.
Link: https://cofense.com/blog/credential-phishing-iocs-increased-in-q3/