With the mass migration to remote work, more critical business data is being shared via email than ever. Users can now receive hundreds of emails a day, and browsing them is time-consuming and exhausting.
In the face of that dizzying volume, it’s no wonder there is growing email fatigue. Unfortunately, that fatigue makes users more likely to unknowingly click on a malicious email, which explains why 94% of malware is now sent by email.
Examining recent examples of email attacks not only ensures that you are aware of the different ways criminals are exploiting employee inboxes, it is the first step in combating the growing threat.
While spam is now considered an old-school tactic, cybercriminals still use it for malicious purposes. Fake unsubscribe spam is a tactic criminals use to refine their mailing lists and verify email addresses. When a user clicks a fake unsubscribe link in a spam email, they confirm to the spammer that their email address is correct, active, and checked on a regular basis. From there, the user can be targeted with more email attacks carrying more malicious payloads.
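A mail filter can look for the address-confirmation pattern described above before the user ever sees the link. The following Python sketch is an added example, not part of the original article; the function names, the sample message and the two heuristics (link host differs from the sender's domain, recipient address embedded in the URL) are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit, unquote

# Simplification: a regex is enough for this sketch; a production filter should use an HTML parser.
LINK_RE = re.compile(r"""<a\b[^>]*?\bhref\s*=\s*["']([^"']*)["'][^>]*>(.*?)</a>""", re.I | re.S)

def org_domain(host):
    # Assumption: compare the last two labels only; real code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_unsubscribe_links(raw_message):
    """Return {url: [reasons]} for unsubscribe links that could confirm the address on click."""
    msg = message_from_string(raw_message)
    sender_dom = org_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    html = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/html")
    findings = {}
    for href, text in LINK_RE.findall(html):
        # Only inspect links that present themselves as unsubscribe / opt-out links.
        if not re.search(r"unsubscribe|opt.?out", href + " " + text, re.I):
            continue
        reasons = []
        if org_domain(urlsplit(href).hostname or "") != sender_dom:
            reasons.append("host differs from sender domain")
        if rcpt and rcpt in unquote(href).lower():
            reasons.append("recipient address embedded in URL")
        if reasons:
            findings[href] = reasons
    return findings

# Constructed sample message (not taken from a real campaign).
SAMPLE = """From: Deals <news@shop.example>
To: alice@corp.example
Subject: Weekly offers
Content-Type: text/html

<p>Offers!</p><a href="http://track.mailer.test/u?e=alice%40corp.example">Unsubscribe</a>
<a href="https://shop.example/prefs">Manage preferences</a>
"""

if __name__ == "__main__":
    print(check_unsubscribe_links(SAMPLE))
```

Each signal is weak on its own, because legitimate senders often route unsubscribe links through a third-party mail service, so treat the findings as input to spam scoring rather than a verdict.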
Impersonation represents more than 80% of reported security incidents. A good example occurred last May when Nobelium (the group behind the infamous SolarWinds attack) used phishing attacks to launch backdoor malware at 150 different organizations. Other recent phishing attacks include Five Rivers Health Centers in Dayton, Ohio, where 155,000 patients had their protected health information exposed for two months due to an email phishing attack. In 2020, Her Majesty’s Revenue and Customs (HMRC) in the UK was investigating over 10,000 phishing scams exploiting public fears of the coronavirus.
Ninety-five percent of all attacks on corporate networks are the result of successful spear phishing. In November 2020, the co-founder of the Australian hedge fund Levitas Capital was the victim of a whaling attack, which is a form of spear phishing. While the attack cost the company $800,000, well below the $8 million originally planned, it also resulted in the loss of the hedge fund’s largest customer. In the end, the company was forced to close permanently.
In 2019, a cybersecurity survey revealed that 26% of organizations worldwide were targeted by one to ten Business Email Compromise (BEC) attacks. According to the FBI Internet Crime Complaint Center (IC3), BEC scams were the costliest cyberattacks in 2020, with 19,369 complaints and adjusted losses of approximately $1.8 billion. Recent BEC attacks include spoofing attacks on:
- Shark Tank host Barbara Corcoran, who lost $380,000;
- The government of Puerto Rico, which at $4 million;
- And the Japanese media giant Nikkei, which transferred $29 million on the instructions of a fraudulent email.
Cybercriminals continually refine their email strategies by playing on the victim’s emotions: creating fear, exploiting greed, tapping into an individual’s curiosity, asking for help, or prompting users to empathize or sympathize. This approach is often used by ransomware-as-a-service attackers.
In the ransomware-as-a-service model, a malware gang gives these attackers, called distributors, the tools to spread ransomware, while the goal of the distributor is to infect as many computers as possible. It’s the same distribution model used by big SaaS providers like Salesforce.com. To improve their effectiveness, cybercriminals now use artificial intelligence (AI) and automation to scale their email attacks.
Unfortunately, users do not necessarily know that their systems are infected. Malware can lie dormant for a period or go unnoticed. Advanced Persistent Threats (APTs) go undetected for an average of 71 days in the Americas, 177 days in EMEA, and 204 days in APAC.
Given its success, we can expect that cybercriminals will continue to keep email at the center of their attack strategies.
Stop email cyberthreats
To stop or mitigate the risk of an attack, a business has three defenses that must be used in parallel:
- Continuous user education on what new attacks look like.
- Advanced anti-malware that provides a multi-layered approach to stopping attacks in their tracks.
- An incident response plan to respond and manage an attack, mitigate the damage, and recover as quickly as possible.
When it comes to email security, a one-size-fits-all approach never works. Malware will get past a single defense, so a solution must offer multiple layers of protection. That way, if the malware bypasses one defense, a later layer will stop it. Consider the following multi-layered protection program:
- An anti-spam engine that reduces risks by preventing unwanted spam.
- Anti-evasion technology that prevents advanced evasion techniques using embedded files and malicious URLs.
- Threat intelligence to prevent emerging threats from infiltrating your emails.
- Anti-phishing engines to prevent any type of phishing attack before it reaches users.
- Anti-spoofing technology to keep users protected against social engineering, no-payload attacks.
- Email antivirus software to minimize the risk of being infected by malware through email.
- Detection to prevent advanced attacks such as APT and zero-day attacks that bypass conventional defenses.
Using a multi-layered approach combined with solutions like Acronis Cyber Protect, which includes URL filtering, can help block malicious domains and malware downloads, preventing systems from being infected in the first place.