Key Trends in Malicious Email Campaigns for 2023
Analysts at FACCT have identified the main trends in malicious email campaigns for 2023. According to their research, Tuesday is the most popular day of the week for cybercriminals to send phishing emails. The beginning of the week sees the highest volume of phishing messages, with Tuesday accounting for 19.7% of all such emails. After Wednesday, the number of malicious emails drops, reaching its lowest point on Sunday at just 7.1%.
How Malware Is Delivered
Attachments remain the primary method for delivering malware to victims, used in 98% of detected cases. The share of emails containing malicious links continues to decline, making up just over 1.5% last year. Researchers explain that downloading malware from an external resource adds an extra step to the infection chain, making it more noticeable to traditional security tools.
Attachment Types and File Sizes
The size of malicious attachments in phishing emails ranges from 32 KB to 2 MB, with the most common size being between 512 KB and 1 MBβthese account for over 36% of phishing attachments. Hackers most frequently “package” malware in archive formats such as .rar (23.3%), .zip (21.1%), and .z (7.7%). Inside these archives, the vast majority of files are executable files in the PE (Portable Executable) format.
Decline in Office Document Malware
Last year, there was a noticeable decrease in malware embedded in office documents like Excel spreadsheets and Word documents. Compared to 2022, the share of phishing emails with .xls files dropped from 15.8% to 4.4%, and those with .doc files fell from 11.2% to 4.5%. This trend is attributed to improved security features in Microsoft Office, making this method less effective for attackers.
Most Common Malware Types
The most widespread malware found in phishing emails in 2023 included the spyware Agent Tesla (detected in 39.4% of malicious campaigns), as well as the stealers FormBook/Formgrabber (22.4%) and Loki PWS (7.4%).
Phishing Emails Are Becoming More Sophisticated
According to Yaroslav Kargalev, head of the Cybersecurity Center at FACCT, “The trend in phishing campaigns over the past year is the emergence of well-crafted, carefully designed bait emails. Just a few years ago, only certain professional cybercriminals or advanced groups, including state-sponsored actors, could afford such quality in targeted attacks. Now, phishing emails are increasingly exploiting current news topics and often carry multiple stealers, sometimes specifically tailored to the attackers’ targets. Data stolen in this way can be sold or immediately used to further attack an organization.”