Report: Rise in cloud-based email threats during COVID-19

Friday, 19 March, 2021

Report: Rise in cloud-based email threats during COVID-19

Trend Micro Incorporated has revealed that it blocked 16.7 million high-risk email threats that slipped past webmail providers’ native filters. This amounts to an increase of nearly a third on 2019 figures. The new statistics are derived from Trend Micro’s Cloud App Security (CAS), an API-based solution that provides second-layer protection for Microsoft Exchange Online, Gmail and a range of other services.

Mick McCluney, Technical Director at Trend Micro ANZ, said COVID-19 forced many organisations to accelerate their digital adoption plans, adding that SaaS apps have become indispensable to remote workers.

“However, where there are users there are also threats, and we’ve seen a spike in attacks targeting organisations’ perceived weakest link during the pandemic. Trend Micro Cloud App Security has been indispensable in providing an extra layer of protection — each one of those nearly 17 million threats previously missed represents a risk of corporate data theft, ransomware and fraud,” McCluney said.

Detections of malware, credential theft and phishing emails all recorded double-digit year-on-year increases in 2020, while business email compromise (BEC) volumes dropped slightly.

Trend Micro detected 1.1 million emails containing malware that would otherwise have appeared in users’ inboxes, marking a 16% increase since 2019. These included many Emotet and Trickbot attacks which are often the precursor to targeted ransomware.

Over 6.9 million phishing emails were intercepted in 2020, marking a 19% increase from 2019. Discounting credential phishing, the number of phishing threats surged 41% over the period. COVID-19 was a common lure, as were big-name brands like Netflix that have become popular during the pandemic. Attackers were typically looking for personal and financial information to monetise.

There were nearly 5.5 million attempts to steal users’ credentials that were allowed through by existing cloud native security filters, making a 14% increase on 2019, and accounting for the majority of detected phishing emails. Attackers were also increasingly supplementing these with phone-based vishing attacks.

Although DEB detections fell 18% year-on-year, average losses continued to rise, increasing 48% from the first to the second quarter of 2020.

Image credit: ©órzewiak

Related News

BlueVoyant launches security ops platform

BlueVoyant's Cyber Defence Platform leverages AI to enable security operations that span an...

CrowdStrike launches next-gen MDR solution

The Crowdstrike Falcon Next-Gen MDR solution expands MDR operations beyond native endpoint,...

Cysurance to offer cyber insurance to Sophos customers

Australian Sophos customers will be able to take advantage of discounted cyber insurance provided...

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd