There was a surge of malicious email campaigns in the fourth quarter of 2016, with the largest campaign almost seven times the size of the biggest campaign in the previous quarter - reflecting an explosion in email-borne threats as attackers focus on spreading ransomware.
Those are just two of the conclusions from the latest quarterly Proofpoint Threat Summary.
In addition to Locky, Proofpoint warned that the use of the Cerber and CryptXXX ransomware variants also grew quickly.
However, exploit kit activity fell by 93 per cent from its highs at the beginning of the year, while the number of ransomware variants grew 30-fold, claimed Proofpoint.
The threats posed by exploit kits have been relegated to malvertising and online adverts embedded with malicious code intended to exploit web browser vulnerabilities, it added.
Proofpoint also claimed that organisations are starting to get to grips with business email compromise (BEC) campaigns, in which attackers spoof emails from senior members of staff ordering rank-and-file workers, typically in accounts departments, to transfer cash out of the organisation, often circumventing established procedures.
"Organisations are becoming more aggressive in how they address business email compromise (BEC) phishing. But BEC actors are adapting as well, employing more effective techniques such as sending spoofed emails to rank-and-file workers," warned Proofpoint.
The security company also claimed that attackers introduced new techniques in a bid to evade detection.
"Threat actors continued to introduce new efforts to avoid, evade, or otherwise thwart automated sandboxing and other forms of automated dynamic analysis.
"For example, we observed malicious document attachments with embedded VBScript and LNK objects in place of malicious macros.
"Other actors began using encrypted or password-protected document attachments with the password included in the email body, both increasing the sense of legitimacy and decreasing the ability of most sandboxes to detonate the documents.
"We observed this technique in campaigns distributing Cerber ransomware and Ursnif banking Trojan, and even in credential phishing campaigns," warned Proofpoint.
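A mail gateway can flag the pattern Proofpoint describes, an encrypted document arriving together with its password in the message body, before the attachment reaches a sandbox that cannot open it. The following is an added example, not code from Proofpoint or from this article; the keyword list, function names and sample message are assumptions constructed for illustration, and the check covers only password-protected OOXML files (which are stored as an OLE container holding an `EncryptedPackage` stream).

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# Stream name as it appears (UTF-16LE) in the OLE directory of an encrypted OOXML file
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")
# Assumed keyword list; tune it to the lures seen in your own mail flow
PASSWORD_HINT = re.compile(r"\b(?:password|passcode|pwd)\b", re.I)


def is_encrypted_office(data: bytes) -> bool:
    """True for an OLE container that carries an EncryptedPackage stream."""
    return data.startswith(OLE_MAGIC) and ENC_STREAM in data


def triage(raw: bytes) -> dict:
    """Report encrypted Office attachments and whether the body mentions a password."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    encrypted = [
        part.get_filename() or "(unnamed)"
        for part in msg.iter_attachments()
        if is_encrypted_office(part.get_payload(decode=True) or b"")
    ]
    hint = bool(PASSWORD_HINT.search(text))
    return {
        "encrypted_attachments": encrypted,
        "password_in_body": hint,
        # Both together match the evasion pattern: hold for manual or assisted analysis
        "suspicious": bool(encrypted) and hint,
    }


def build_sample(body: str, payload: bytes) -> bytes:
    """Constructed test message; the payload is a stand-in, not a real document."""
    m = EmailMessage()
    m["Subject"] = "Invoice"
    m.set_content(body)
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename="invoice.docx")
    return m.as_bytes()


FAKE_ENCRYPTED = OLE_MAGIC + bytes(64) + ENC_STREAM + bytes(64)  # constructed bytes

if __name__ == "__main__":
    print(triage(build_sample("Invoice attached. Password: 7734", FAKE_ENCRYPTED)))
```

An unencrypted `.docx` is a ZIP archive, so it does not match; legacy binary `.doc` encryption and encrypted archives need separate checks.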