Email-Based Threats Double as Malware, Credential Phishing, and BEC Detections Increase

Email-Based AttacksNewly released data from TrendMicro about high-risk email threats in 2021 shows where cybercriminals are placing their focus and where yours should be as well.

When you have a sample size of hundreds of millions of emails to base your analysis on, it’s so statistically relevant, there’s likely little error in the data when representing the state of email-based attacks. And that’s exactly what we’re seeing with TrendMicro’s Cloud App Security Threat Report 2021. This brief, but detailed, overview of how the email threat landscape has changed shows some pretty significant emphasis put on the use of email as the initial attack vector:

  • Email threats overall increased 101%
  • Detections of Credential Phishing attacks increased by 15%
  • Detections of known malware within malicious email increased 134%
  • Detections of unknown malware within malicious email increased 221%
  • Detections of BEC via behavioral analysis increased 82%

All this adds up to email continuing to be a valuable threat vector. In their report, TrendMicro offers up four example customers they’ve helped to give you an idea of the number of attacks and threats a given organization may face. When looking at the average number of “high-risk email threats” faces per employee across these organizations, we find that the average employee faces 4 per year – and that’s just the high-risk ones!

No security vendor will ever tell you they can stop 100% of all email-based threats. It therefore becomes evident that users need to play a role in stopping those emails that do get through to the Inbox. It’s through continual Security Awareness Training that users can become part of the organization’s defenses, stopping malicious emails by spotting them and not engaging with their content.

From TrendMicro’s perspective, email-based threats are on the rise; you should assume this will continue and put effectual defense in place that will stop email-based attacks.

Find out which of your users' emails are exposed before bad actors do.

Many of the email addresses and identities of your organization are exposed on the internet and easy to find for cybercriminals. With that email attack surface, they can launch social engineering, spear phishing and ransomware attacks on your organization. KnowBe4's Email Exposure Check Pro (EEC) identifies the at-risk users in your organization by crawling business social media information and now thousands of breach databases.

EECPro-1Here's how it works:

  • The first stage does deep web searches to find any publicly available organizational data
  • The second stage finds any users that have had their account information exposed in any of several thousand breaches
  • You will get a summary report PDF as well as a link to the full detailed report
  • Results in minutes!

Get Your Free Report

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews