Most mature organizations have recognized the importance of email security and subsequently added various new levels of defense to their security stack to protect against the ever evolving email threat landscape. Although the instances of compromise via email malware are trending lower, the threats themselves haven’t gone anywhere – and the consequences of inadequate email security have never been higher in the age of advanced threats.
In the new 2021 Email Threat Report from Trustwave, we break down real-life examples of the latest email threats and critical trends from the past year to help you gain an understanding of the current landscape so you can prepare your email security strategy.
The 2021 Email Threat Report highlights several key trends, including:
The Trustwave 2021 Email Threat Report, featuring data and analysis from the SpiderLabs Email Security Research and Malware Analysis Team, details some of the most significant email threats organizations face, and provides insight on the tricks and techniques cybercriminals are using to snare their victims.
We sat down with Phil Hay, Senior Research Manager, Email Security and Malware Analysis at Trustwave SpiderLabs to discuss some of the key trends from the 2021 Email Threat Report.
Although on the surface this appears to be the case, it’s more likely a return to more “normal” levels of malware, percentagewise. The period from 2016-2018, was an abnormally high period of activity; the Necurs botnet in particular drove a massive number of spammed malware downloaders, leading to widespread ransomware and various other infections. It’s also worth noting that the longer-term trend of lower spam volumes, fewer and smaller botnets, resulting in less volume of email-borne malware. That does not negate the fact that there are still operators disseminating their malware via email, so the threat remains very much alive, just on a slightly smaller scale.
As noted in the report, apart from COVID-themed email threats which was inevitable, not much changed, as the longer-term email trend attacks continue to surpass any short-term changes. For example, using Office document files to deliver malware is still an overriding trend as well as the use of novel file types such as the COVID-themed .jnlp attachment example referenced in the report.
One area we did see a change in was driven by the increased number of employees working from home. This shift hastened a move to cloud-services, which brings with it an entirely different set of security challenges (more on that below).
Many organizations moved their teams to cloud services due to convenience and price and attackers are no different.
In the 2021 Email Threat Report, we detail how free cloud services are used in phishing attacks. Bad actors piggyback on the good reputation and the free or low-cost services of these cloud providers to bypass security checks. The bad guys don’t like to pay for infrastructure costs anymore than the next guy!
Another noteworthy area is the continued migration by organizations to cloud email services such as Office 365. Compromised O365 accounts are a highly sought-after commodity, as they can be used to launch targeted phishing, man-in-the-middle or BEC attacks. Once an account is compromised, attackers can then launch additional assaults within the organization. These attacks appear legitimate to users since they originate from actual accounts within the organization.
All email security strategies are a combination of technology, non-technical policies, awareness and training. Some key areas of focus include:
Interested in ensuring your organization has the best email security posture? Learn more about Trustwave MailMarshal and its powerful email security capabilities here.