Back to the future: Threat actors dust off old tools for new tricks in the Q3 Threat Report [source: proofpoint]
by CIRT Team
As in 2016, the third quarter of 2017 was marked by peak year-to-date malicious message volumes. In this case, high-volume campaigns were led by ransomware, particularly Locky and, to lesser extents, Philadelphia and GlobeImposter, as well as The Trick banking Trojan. Notably, the majority of malicious email campaigns came from a single actor: TA505, whose extensive history was profiled in a recent Threat Insight blog.
Throughout Q3, actors also favored URL-based malware distribution over the document attachment campaigns that have dominated the email threat landscape since late 2014. At the same time, we continued to observe evolving social engineering and targeting techniques in email fraud and in BEC attacks that did not use any malware payloads at all.
For more, click here.