Proofpoint released its Q3 2019 Threat Report, highlighting the threats and trends across Proofpoint’s global customer base and in the wider threat landscape. Notably, Proofpoint found that despite a nearly four-month absence, the return of Emotet within the last two weeks of September accounted for nearly 12 percent of all malicious email samples in Q3, delivering millions of messages with malicious URLs or attachments.
“As individuals become accustomed to email-based lures, cybercriminals are broadening the scope of their attacks with more robust and insidious malicious payloads. The resurgence of malware such as Emotet – which targeted organisations in the Middle East – has also been met with more sophisticated forms of social engineering, as illustrated in our Q3 Threat Report”, said Emile Abou Saleh, Regional Director, Middle East and Africa for Proofpoint. “As cyberthreats continue to grow in volume and sophistication, it is paramount that organisations in the Middle East build a robust and people-centric cybersecurity strategy to protect their data, customers and, most importantly their people.”
TA542, the cybercriminal group responsible for distributing Emotet, also expanded its regional targeting during this period to several new countries, including Italy, Spain, Japan, Hong Kong, and Singapore. Reverting to methods that the group had shifted away from in early 2019, TA542’s re-emergence included highly targeted seasonal and topically relevant lures rather than generic financial themes. For example, on Sept. 23, Proofpoint observed the actor leveraging news-related “Snowden” lures.