The vast majority of cyberattacks start with just an email

Close up of a person touching an email icon.
(Image credit: Geralt / Pixabay)

Around three-quarters (75%) of all cyberattacks start with a simple email message, a new report from Trend Micro has warned.

To tackle the problem, the company says businesses need to educate their employees on the dangers of phishing and other email-borne attacks, and how to defend not just themselves, but also their employer.

Unfortunately, workers are not shy of taking risks with their corporate emails, with home-based employees being particularly more prone to making email-related security mistakes on company endpoints, the report states. 

TechRadar needs yo...

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

Threat actors are also quite aware of this fact, and are increasingly targeting them with weaponized emails. To that end, Trend Micro said it detected and prevented 25.7 million email threats last year, up from 16.7 million the year before. The volume of blocked phishing attempts, just on this platform, almost doubled for the period. 

BEC, ransomware, cloud misconfigurations

At the same time, the detection of business email compromise (BEC) emails dropped by 11%. Still, the company’s email security solutions blocked a higher percentage of advanced BEC emails, it was said. These attacks now make up almost half (47%) of all BEC attacks, compared to 23% in 2020. 

“Attackers are always working to increase their profit, whether through quantity or efficiency attacks,” said Jon Clay, vice president of threat intelligence at Trend Micro. “The breadth of our global threat intelligence allows us to identify shifts in how malicious actors target their victims across the world. Our latest research shows that while Trend Micro threat detections rose 42% year-on-year in 2021 to over 94 billion, they shrank in some areas as attacks became more precisely targeted.”

Email itself, is nothing more than means to an end. And that end is, often enough, ransomware

Threat actors are using email to compromise the network and distribute ransomware, these days focusing only on businesses and industries more likely to pay. With Ransomware-as-a-Service (RaaS), and initial access brokers that now make up the cybercrime supply chain, ransomware has never been more prevalent. 

Topping things off, the report concludes, are often misconfigured cloud systems. AWS Key Management Service (AWS KMS) and Amazon Elastic Container Service (Amazon ECS), allegedly have some of the highest misconfiguration rates among AWS services. Trend Micro also says that Docker REST APIs are frequently misconfigured. 

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.