VMRay Malware and Phishing Threat Landscape Report - Q3 2023 - VMRay

Malware & Phishing
Threat Landscape Report

Q3 – 2023

Navigate the dynamic world of cybersecurity threats—from Windows and Linux threats to phishing trends and complex delivery chains.

Cyber Threat Intelligence (CTI) is critical for organizations that want proactive security, but security teams should know how to build unique threat intelligence that fits their specific needs and challenges.

Embark on a comprehensive journey through the intricate landscape of cybersecurity threats with our seven-chapter course. From the nuanced intricacies of Windows and Linux threats to the evolving tactics in phishing, supply chain vulnerabilities, and the pervasive influence of Artificial Intelligence, each chapter delves into distinct facets of the contemporary threat landscape.

Explore the ever-evolving nature of cyber-attacks, uncovering complex delivery chains, advanced exploitation of zero-day vulnerabilities, and the misuses and advancements in AI technologies. Join us as we dissect the threats that shape the digital realm, providing insights into the strategies and countermeasures essential for safeguarding against the dynamic cybersecurity challenges of today and tomorrow.

Table of Contents

Chapter 1

Top 10 Malware Families & Sample Type Distributions

Delve into the dynamic threat landscape of Q3 as we unveil the top 10 malware families observed on cloud submissions. Our comprehensive analysis not only identifies these evolving threats but also highlights the critical need for vigilance and proactive defense strategies. Explore the distribution of sample types, emphasizing the prominence of phishing-related submissions, and gain valuable insights to fortify your cybersecurity defenses against both known and emerging threats.

Chapter 2

Windows Under Siege: Unveiling Evolving Threats and Innovations in Cybersecurity

Dive into the intricate cyber threatscape of 2023, focusing on the evolving risks targeting the Windows operating system. Explore the dynamic shifts in cross-platform threats, AI exploitation, and delivery chain innovations. The evolving sophistication of phishing attacks and the continual adaptation of notorious malware families like RedLine and XWorm underscore the pressing need for informed defenses.

Uncover the nuances of phishing attacks, malware evolution, and the relentless pursuit of cyber resilience for Windows systems.

Chapter 3

Securing the Penguin: Understanding the Rising Tide of Linux Threats

Let’s explore the intricate landscape of Linux threats, a growing concern for corporations, government entities, and individual users alike. As the prevalence of Linux in high-profile targets increases, so does the sophistication of threats. Ransomware takes center stage, targeting valuable data from these entities, with Linux users facing a spectrum of attack vectors. 

From zero-day vulnerabilities demanding expertise to stealthy botnets like P2PInfect, and supply-chain gambits revealing covert threats, this chapter unveils the diverse challenges in the realm of Linux security.

Chapter 4

Deceptive Waters: Deep Dive into Evolving Phishing Threats

The realm of phishing threats has evolved into a complex landscape, demanding a comprehensive exploration to understand and confront the dynamic tactics employed by cyber adversaries. In this chapter, we delve deep into various facets of phishing, from the misuse of trusted services like Google AMP to innovative strategies involving QR codes and delayed attacks. 

We dissect the ever-changing methods attackers employ, from impersonating cybersecurity researchers to leveraging SMS phishing and DeepFake voices. The risks are multifaceted, requiring a vigilant approach and proactive security measures to safeguard against the evolving phishing landscape.

Chapter 5

The Evolution of Threat Delivery: Q3 Complex Delivery Chain Strategies

The third quarter witnessed a surge in cyber threats, focusing on Complex Delivery Chains. ISO and LNK files, alongside zero-click exploits, played a significant role in high-profile attacks. Supply chain targeting expanded to IT experts and business servers, with Microsoft Teams and Facebook Messenger emerging as new delivery channels. 

This chapter unravels the intricate dynamics of Q3’s threat landscape, shedding light on evolving tactics and resilient strategies.

Chapter 6

AI at the Forefront: Unraveling the Dual Nature of Artificial Intelligence in Cyber Threats

The advent of Artificial Intelligence (AI) has heralded groundbreaking advancements across diverse sectors, but it has also become a double-edged sword, offering new avenues for cyber threats. This chapter delves into the notable developments and exploits of AI in the cyber threat landscape. As AI technologies evolve, so do the tactics of malicious actors, who leverage advanced AI tools to orchestrate more potent and harmful cyber attacks. 

From the emergence of harmful AI models like “Evil-GPT,” capable of generating sophisticated phishing emails, to alarming advancements like acoustic analysis for keystroke decoding, the chapter explores the dark side of AI, shedding light on the intensification of cyber threats.

Chapter 7

Breaching Trust: The Evolving Landscape of Supply Chain Attacks

The intricacies of supply chain attacks continue to unfold, representing an advanced form of cyber threats where infiltrators breach trusted networks, impacting multiple systems without the victims’ awareness. 

This chapter delves into the latest developments, revealing the evolving tactics employed by threat actors to compromise and exploit these critical links in the digital ecosystem.

Chapter 8

Unveiling the Unknown: Notable Developments on Zero-Day Vulnerabilities

In the intricate landscape of cyber threats, assailants adeptly exploit undiscovered vulnerabilities known as zero-day vulnerabilities. These flaws allow stealthy infiltrations, often without user interaction, making them a prevalent and alarming tactic. 

This chapter unravels the sophisticated maneuvers of cyber assailants, detailing instances like Gafgyt malware exploiting a five-year-old router defect and the strategic deployment of zero-days in prominent software. As we delve into real-world scenarios, the critical need for awareness and proactive measures against these elusive vulnerabilities becomes increasingly apparent.

See VMRay in action.
Build reliable and relevant threat intelligence against the evolving malware and phishing threats.

Further resources

Build the most reliable and actionable Threat Intelligence.

Watch our webinar at SANS Cyber Solutions Fest 2023

Cultivate Intelligence on Targeted and Previously Unseen Threats

Unveiling the power:
See our experts showcasing VMRay’s capabilities.

Analysis of a malicious file

Join Fatih Akar from the VMRay team as he provides a detailed walkthrough of a malicious LNK file, a prevalent attack vector since Microsoft’s Office macros block.

Gain valuable insights into each tab of our comprehensive analysis report and get a sneak peek into what you’ll be exploring.

Analysis of a malicious URL

Join Andrey Voitenko, an expert in advanced malware and phishing analysis from the VMRay team, as he demonstrates how to submit emails and URLs to the VMRay platform using built-in connectors.

Discover the capabilities of our new Automation Dashboard, enabling one-click automation with your existing EDR, SOAR, SIEM, and TIP tools. Monitor analysis data seamlessly from your VMRay dashboard and unlock new levels of efficiency in your security operations.

Integrating with existing tools

Watch Michael Bourton showcasing the seamless integration of VMRay platform with your existing security stacks.

Discover how effortlessly you can leverage unparalleled detection and analysis capabilities by utilizing dedicated connectors or our Rest API.

Experience VMRay in Action:
Explore Real-world Malware Analysis Reports

Get a firsthand look at the power and capabilities of the VMRay platform by delving into our sample malware and phishing analysis reports.

Immerse yourself in a range of report formats, providing comprehensive insights.

Dive into the overview, explore intricate network connections, analyze malicious behavior in detail, and map threats using the MITRE ATT&CK Framework. See the possibilities to download clear IOCs.

Uncover the capabilities that await you.

Calculate how much malware false positives are costing your organization:
Malware False Positive Cost Calculator