High-risk email security threats increased by 32% last year

Tried and tested email methods used to attack organizations

High-risk email threats climbed by 32% compared to 2019, according to Trend Micro’s 2020 Cloud App Security Report.

The report found that detections of malware, credential theft, and phishing emails all recorded double-digit year-on-year increases in 2020, while business email compromise volumes dropped slightly.

The report gathered data from over 16.7 million high-risk email threats that Trend Micro’s Cloud App Security detected and blocked. The company said this was a 32% increase from the previous year. The report highlighted one example of an organization of 10,000 users where its system detected 755,000 high-risk email threats, which came out to 75 high-risk emails per user after scanning by the native Microsoft 365 security. 

Trend Micro also thwarted 10,000 malware files and over 4,300 BEC attempts for the same organization in 2020.

Trend Micro detected over 6.9 million phishing emails in 2020, a 19% increase from the previous year. Outside of credential phishing, the number of threats in this category increased 41% over the period. COVID-19 was a common enticement, as were well-known brands, such as Netflix, that have become increasingly popular during the pandemic. Attackers were typically looking for personal and financial information to monetize, according to the report.

Concerning credential phishing, Trend Micro detected nearly 5.5 million attempts to steal users’ credentials that existing cloud-native security filters allowed through. This was a 14% increase compared to 2019 and accounted for the vast majority of detected phishing emails.

The report said hackers were increasingly complementing these attempts with phone-based vishing attacks, in which hackers call users via VoIP to trick them into logging into fake phishing sites that harvest their usernames and passwords. The hackers then use these credentials to look for administrator accounts within the network and cause substantial financial problems for the organization.

The FBI warned the public to be wary of such attacks, as the shift to remote work might have made organizations more vulnerable to vishing attacks, according to the report.

One bright spot in the report was the 18% year-on-year decline in business email compromise (BEC) detections. However, average losses continue to rise — increasing 48% from the first to the second quarter of 2020. From $54,000 (the average cost of a fraudulent wire transfer in the first quarter of 2020), the amount has jumped to US$80,183 in the second quarter of the year, the report said.

Bharat Mistry, Technical Director UK at Trend Micro, told ITPro it should come as no surprise that email remains the number one threat vector for all organizations, no matter the size or vertical. 

"In 2020 we intercepted over 16 million high-risk emails containing malicious payloads that had been missed by native messaging providers. The problem is growing exponentially yet organizations still struggle to get a handle on it," Mistry said.
