Email attacks are still the best way to hack your business

cyber security
(Image credit: Pixabay)

Despite cybercriminals embracing advanced hacking techniques to target the cloud, classic email attacks still remain very popular - and effective. 

A new report from Trend Micro found malware-laden emails and other types of email-borne attacks skyrocketed last year, with high-risk email threats rising 32% in 2020 compared to the year before. Detections of malware, credential theft and phishing emails all recorded double-digit year-on-year increases last year, while business email compromise volumes dropped slightly.

The company alone detected 1.2 million malware-laden emails (16% up on 2019) which it claims would have otherwise made it into people’s inboxes. In many cases, criminals were distributing Emotet and Trickbot, often a stepping stone towards targeted ransomware attacks.

Phishing emails also rose by 19% year-on-year, hitting 6.9 million. Discounting credential phishing, Trend Micro says, the number of threats in this category spiked 41% in a year.

Covid-19 remains the topic of choice

As expected, Covid-19 was a popular theme among criminals, as were digital services such as Netflix that saw a surge in popularity  due to working from home. Criminals were mostly out for personal and financial information that they could monetize.

When it comes to stealing credentials, these attempts rose 14% since 2019, and with 5.5 million attempts, it accounted for most of detected phishing emails, with criminals often following up on these emails with a phone call.

Business email compromise (BEC) emails became something of a light at the end of the tunnel. This type of attack declined 18% year-on-year. However, the successful attacks became more lucrative, as losses rose by almost half (48%) between the first and second quarter of 2020.

To remain secure, organizations should consider a comprehensive multilayered security solution, Trend Micro argues. “It supplements the pre-existing security features in email and collaboration platforms,” it added, “by using machine learning to analyze and detect any suspicious content in the message body and attachments of an email.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.