The vast majority of cyberattacks start with just an email
Around three-quarters (75%) of all cyberattacks start with a simple email message, a new report from Trend Micro has warned.
To tackle the problem, the company says businesses need to educate their employees on the dangers of phishing and other email-borne attacks, and how to defend not just themselves, but also their employer.
Unfortunately, workers are not shy of taking risks with their corporate emails, and home-based employees are particularly prone to making email-related security mistakes on company endpoints, the report states.
Threat actors are well aware of this, and are increasingly targeting these employees with weaponized emails. To that end, Trend Micro said it detected and prevented 25.7 million email threats last year, up from 16.7 million the year before. The volume of blocked phishing attempts, just on this platform, almost doubled for the period.
BEC, ransomware, cloud misconfigurations
At the same time, the detection of business email compromise (BEC) emails dropped by 11%. Still, the company said its email security solutions blocked a higher percentage of advanced BEC emails. These attacks now make up almost half (47%) of all BEC attacks, compared to 23% in 2020.
“Attackers are always working to increase their profit, whether through quantity or efficiency attacks,” said Jon Clay, vice president of threat intelligence at Trend Micro. “The breadth of our global threat intelligence allows us to identify shifts in how malicious actors target their victims across the world. Our latest research shows that while Trend Micro threat detections rose 42% year-on-year in 2021 to over 94 billion, they shrank in some areas as attacks became more precisely targeted.”
Email itself is nothing more than a means to an end. And that end is, often enough, ransomware.
Threat actors are using email to compromise the network and distribute ransomware, these days focusing only on businesses and industries more likely to pay. With Ransomware-as-a-Service (RaaS), and initial access brokers that now make up the cybercrime supply chain, ransomware has never been more prevalent.
Topping things off, the report concludes, are often misconfigured cloud systems. AWS Key Management Service (AWS KMS) and Amazon Elastic Container Service (Amazon ECS) allegedly have some of the highest misconfiguration rates among AWS services. Trend Micro also says that Docker REST APIs are frequently misconfigured.