Email-Based Cyberattacks Double Between January and June

Email-Based CyberattacksOver 2.9 Billion email-based threats were detected in the first half of 2021. Business Email Compromise, obfuscation, and living off the land reigned, according to new data from Zix.

We’ve seen massive spikes before in the number of ransomware and other cyber attacks – usually when comparing a previous year to the current one. But rarely do we see a significant increase within just six months. According to the Global Threat Report: Mid-Year 2021 from Zix and AppRiver that’s exactly the case, with about 300,000 attacks in January of this year and over 600,000 in June.

The report provides several examples of attack trends observed by security researchers at Zix, including:

  • Increases in security solution obfuscation using Captcha and creatively encoding malicious attachments
  • The targeting of those looking for new jobs as workers return to the workplace
  • Living off the land using cloud resources, with Google APIs leading the way
  • Lots of Business Email Compromise
  • Use of many forms of banking trojans to steal banking and browser data

While most of the attack examples have equivalents here on our blog, this report does bring to light the increases in attack numbers and creativity you should expect to continue. The obfuscation is a particular focus for threat actors working to avoid detection by security solutions. Should they be successful, the last layer of defense is a well-prepared and vigilant user who, through continual Security Awareness Training, is always on the lookout for suspicious email content that may be the launching point for the next cyberattack.

Find out which of your users' emails are exposed before bad actors do.

Many of the email addresses and identities of your organization are exposed on the internet and easy to find for cybercriminals. With that email attack surface, they can launch social engineering, spear phishing and ransomware attacks on your organization. KnowBe4's Email Exposure Check Pro (EEC) identifies the at-risk users in your organization by crawling business social media information and now thousands of breach databases.

EECPro-1Here's how it works:

  • The first stage does deep web searches to find any publicly available organizational data
  • The second stage finds any users that have had their account information exposed in any of several thousand breaches
  • You will get a summary report PDF as well as a link to the full detailed report
  • Results in minutes!

Get Your Free Report

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Topics: CEO Fraud

Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews