Trend Micro revealed that it thwarted 12.7 million potential email threats for customers leveraging cloud-based email services. In its report, “2019 Cloud App Security Roundup”, Trend Micro stated that more than 11 million of the email threats blocked last year were phishing related. The proportion of unknown phishing links in these kinds of attacks increased from 9% to 44% in 2019.
The report also highlighted that cybercriminals are getting better at using sophisticated methods to overcome the first layer of defense against Business Email Compromise (BEC) attacks. The proportion of BEC attacks caught by AI-powered authorship analysis increased from 7% in 2018 to 21% in 2019, according to the report. As of now, Trend Micro has blocked around 400,000 attempted BEC attacks, which is 271% more than in 2018.
Trend Micro recommended that enterprises follow certain mitigation steps to defend against email threats, including:
- Move away from a single gateway to a multi-layered cloud app security solution
- Consider sandbox malware analysis, document exploit detection, and file, email, and web reputation technologies to detect malware hidden in Office 365 and PDF documents
- Enforce consistent data loss prevention (DLP) policies across cloud email and collaboration apps
- Choose a security partner that can offer seamless integration into their cloud platforms, preserving user and admin functions
- Develop comprehensive end user awareness and training programs
Wendy Moore, Vice President, product marketing at Trend Micro, said, “Organizations are leveraging the power of SaaS-based applications in greater numbers to drive productivity, cost savings and growth. However, in doing so they may be opening themselves up to risk if they only rely on built-in security. As our report shows, built-in security is not enough on its own to stop today’s cybercriminals. Businesses must take ownership of cloud protection and find a multi-layered third-party solution to enhance their platform’s native security functionality.”
Threat actors using stolen email credentials to breach cloud accounts
Earlier, a survey revealed that threat actors used previously stolen login credentials to launch brute-force attacks on high-profile cloud-based business systems that use multi-factor authentication (MFA). According to the research by enterprise security firm Proofpoint, hackers used IMAP-based password spraying attacks to breach Microsoft Office 365 and G Suite accounts that are protected with multi-factor authentication. This technique allows malicious actors to perform credential stuffing attacks to compromise sensitive data.