Cloud Email Threats Soar 101% in a Year
The number of email-borne cyber-threats blocked by Trend Micro surged by triple digits last year, highlighting the continued risk from conventional attack vectors.
The vendor stopped over 33.6 million such threats reaching customers via cloud-based email in 2021, a 101% increase. This included 16.5 million phishing emails, a 138% year-on-year increase, of which 6.5 million were credential phishing attempts.
Trend Micro also blocked 3.3 million malicious files in cloud-based emails, including a 134% increase in known threats and a 221% increase in unknown malware.
The news comes as Proofpoint warned in a new report of the continued dangers posed by social engineering, and the mistaken assumptions many users make.
Many users don’t realize that threat actors may spend considerable time and effort building a rapport over email with their victims, especially if they’re trying to conduct a business email compromise (BEC) attack, it said.
They may also abuse legitimate services from Google, Microsoft and other sources to host and distribute malware and credential harvesting portals. OneDrive is the most frequently used, followed by Google Drive, Dropbox, Discord, Firebase and SendGrid, according to the report.
The security vendor also warned of a surge in “telephone-oriented attack delivery (TOAD),” which it claimed to be seeing at least 250,000 times each day.
In these unsolicited emails, recipients are urged to ring a phone number which will take them to a malicious call center operative.
In one version of the attack they will try to persuade that user to download legitimate remote assistance software, which can be used to hijack the victim’s computer and steal financial details. A second variant may see the victim tricked into downloading the BazaLoader malware, which could in turn be used to deploy additional malware like ransomware or info-stealers.
Finally, Proofpoint urged corporate users not to assume that existing email threads are benign.
Threat actors are increasingly hijacking inboxes to access such threads as a more sure-fire way to achieve their goals than sending unsolicited emails.
In 2021, Proofpoint observed over 500 campaigns using thread hijacking, associated with 16 different malware families, especially banking Trojans.
“To successfully hijack an existing conversation, threat actors need to obtain access to legitimate users’ inboxes,” the report explained.
“This can be obtained in various ways including phishing, malware attacks, credential lists available on hacking forums, or password spraying techniques. Threat actors can also hijack entire email servers or mailboxes and automatically send replies from threat actor-controlled botnets.”