A report by Darktrace analyzed 17.8 million phishing emails and found that 62% were able to pass Domain-based Message Authentication, Reporting and Conformance (DMARC) verification checks. Over a third of these emails also avoided detection by major email providers. 56% bypassed all existing security measures.
The report emphasizes how malicious actors are leveraging sophisticated tactics, techniques and procedures (TTPs) to bypass traditional security methods. Malicious actors were observed exploiting legitimate third-party sites and services to blend in with normal traffic. According to the report, there has also been an increase in the deployment of covert command and control mechanisms. This includes remote monitoring and management (RMM) devices, tunneling and proxy services.
The report recorded the most common threats observed from January 2024 to June 2024:
- Malware for information theft (29% of initial triaged investigations)
- Trojans (15%)
- Remote access trojans (12%)
- Botnets (6%)
- Loaders (6%)