[BreachExchange] 75% of Cyberattacks Start With an Email, Report Says

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Mon Mar 21 10:53:45 EDT 2022


https://tech.co/news/cyberattacks-start-email

Turns out your inbox might not be as safe as you think, with a report from
Trend Micro revealing that three-quarters of all cyberattacks start with
phishing emails.

The report also found that malicious actors take advantage of cloud
misconfigurations, with security breaches on the network increasing 50%
year-on-year.

Fortunately, cybercrime doesn't appear to be growing across all critical
areas. But as the cyber underworld continues to level up their strategies,
business owners need to do what they can to protect their data and button
down their digital hatches.

Phishing Attacks Are More Rampant Than Ever
According to Trend Micro's Annual Report, if there is one thing
cybercriminals are good at, it's being opportunistic. The research found
that malicious actors were quick to exploit workers growing dependence on
email throughout 2021, with more than 10 million instances of spam fishing
taking place throughout the calendar year.

As for the subject lines, themes around the pandemic and Covid-19 vaccine
appeared to be the most common, as cybercriminals played on the
contemporary concerns of internet users.

“Attackers are always working to increase their profit, whether through
quantity or efficiency attacks,” said Jon Clay, vice president of threat
intelligence at Trend Micro.

The report also noted that there was a particular escalation of cloud
security breaches, with cloud-based email threats increasing by 50% from
the year previous. The findings attributed this sharp rise to hacking
groups like TeamTNT that made their riches by scouring servers for
configuration weaknesses.

With IT security companies blocking a total of 94 billion threats in 2021
alone, they claim that the growth of Ransomware-as-a-Service (RaaS) groups
and initial access brokers also contributed to the sharp uptick.

Cyberthreats Aren’t on The Rise Across the Board
While these findings may seem sobering, it's not all doom and gloom. The
report found that business email compromise (BEC) scams — a type of scam
where phishing emails claim to come from a reputable source like a CEO —
decreased by 11%.

What's more, Jon Clay, vice president of threat intelligence at Trend
Micro, pointed out that cyber-attacks fell in a number of other critical
areas, as attacks became more precisely targeted.

The decline of certain attacks is also thanks to the increasing
sophistication of tools like author analysis, a security measure that
automatically blocks all emails written with a suspicious or alarming
writing style.

How Can I Make Sure My Business Is Secure?
As the threat landscape continues to evolve, there are ways to take your
business out of harm's way.

By training your workforce about the dangers of phishing and reminding them
to look out for red flags like suspect subject lines, untrustworthy links,
and requests for personal information, you can keep more threats at bay by
lowering cases of employee negligence.

Additionally, if you lack the support of an IT team, by taking other
preventative measures like buying or updating your antivirus software and
securing your data in the cloud, you'll be able to strengthen your
company's security strategy.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220321/0e4aa984/attachment.html>


More information about the BreachExchange mailing list