Email threats worsened in the first four months of 2022, increasing by 37% compared to the last four months of 2021. The conclusion is taken from the ESET Threat Report Q1 2022, which compiles key statistics from ESET's detection systems.
Despite active phishing activities, it is spam campaigns, with malicious documents from the Emotet banking Trojan family, that are cited as the main reason for this growth. In March, ESET saw a spike in large-scale Emotet email campaigns detected as DOC/TrojanDownloader.Agent variants. This increase was also recorded in Portugal and corresponds to some of the top 10 threats detected in the country during the first four months of the year.
Globally, the incidence of DOC/TrojanDownloader.Agent in mailboxes was such that ESET recorded an 829% increase in variant detections in the last quarter of 2021. DOC/TrojanDownloader.Agent denotes malicious Microsoft Word documents that download other malicious software from the Internet. The countries most affected by the new Emotet campaigns were Japan, Italy and Spain.
However, this campaign preceded Microsoft’s decision to disable downloaded Visual Basic for Applications macros by default in Office programs, one of the main distribution channels used by Emotet. In other words, in the future, operators of this family of Trojans will be forced to look for new avenues of attack.
MSIL/TrojanDownloader.Agent, which grew 130% from Q4 2021, is another threat distributed as email attachments – and Discord – with substantial growth in Q1. This malware attempts to download other malware through various methods, usually containing a URL or a list of URLs leading to the final payload. In Portugal, MSIL/TrojanDownloader.Agent was the third biggest threat detected in the first quarter.
Of the types of malicious attachments distributed via email in Q1 2022, more than half were Windows executable attachments (55%). Script files (30%) and Office documents (10%) were also popular with cybercriminals. The prevalence of Office files doubled during this period, due to Emotet activity, but is expected to decrease in the future, due to the blocking of the distribution channel.