Experts discuss the best practice approach SMEs should take to email security

OpenText has announced its 2022 BrightCloud Threat Report, which outlines key data points and trends affecting small and large businesses worldwide, as well as individuals in the new hybrid, interconnected world.  

This year’s report provides in-depth analysis, market insights, trend data and predictions for what lies ahead as organizations move toward strengthening their cyber-resiliency posture in the face of ever-increasing cyberattacks and cyberwarfare. Some highlights include: 

Phishing and impersonated companies 

  • 770% overall phishing activity spike during May 2021 
  • January – April 2021 saw a mere 9% of phishing activity 
  • 54% of all detected phishing URLs in 2021 were from top-targeted brands: Apple, Facebook, YouTube, Microsoft, and Google 
  • eBay fell from being the number one impersonated brand in 2020, dropping out of the top 10 completely in 2021 as pandemic-related shortages eased 

Infection Rates by Region: 

  • Japan, the UK, North America and Australia saw infection rates drop by 51% since the year prior 
  • The US held the largest number of malicious IP addresses and convictions (24.3%) 

The Netherlands had the highest number of convictions per bad IP address (average: 526), meaning that each malicious IP address in the Netherlands performed more malicious activity on average than the average malicious IP address in other countries. 

Remote and hybrid work environments, along with rapidly shifting world affairs, continue to alter how we interact and present new security challenges that open lucrative avenues for bad actors. Last year, phishing attacks escalated across email, text and other communications platforms and new high-risk malicious URLs were found hiding behind proxy avoidance and anonymisers. Alternatively, while browser-based cryptojacking may have practically disappeared, cryptomining malware shifted into the mainstream as cybercriminals continue looking for ways to compromise data and personal information. 

“Businesses’ ability to prepare for and recover from threats will increase as they integrate cyber-resilience into their technologies, processes and people,” said Mark J. Barrenechea, OpenText CEO and CTO. “With security risks escalating worldwide and a persistent state of ‘unprecedented’ threats, compromises are inevitable. This year’s findings reiterate the need for organisations to deploy strong multi-layered security defences to help them remain at the heart of cyber resilience and circumvent even the most creative cybercriminals.” 

“Cyber-resiliency is a top proactive priority for organizations worldwide,” said Craig Robinson, IDC Program Director, Security Services. “Better understanding the known threats will play a key role in building and maintaining a strong layered security approach.” 

Tackling this, Intelligent SME.tech spoke to three leading experts about the best practice approach SMEs can take to email security…

Sameer Basha, Security Consultant GCC at Check Point Software Technologies 

Email is one of the most widely used mediums for business communications, and also the most preferred vector for cyberattacks. Over 90% of attacks on organisations start from malicious emails. Every organisation is a potential target for email-delivered attacks such as phishing, Business Executive Compromise, malware, account takeover and loss of confidential data, hence every organisation should have the right security controls to minimise risks associated with these attacks.

An effective email security strategy is two-pronged. Proactively create user awareness to recognise and appropriately report email-based attacks and secure the email system with an efficient email security solution that prevents email-based attacks. Check Point Harmony email and collaboration is a leading Machine Learning (ML) based email security solution designed to prevent email-based attacks.  

These email security best practices outline important steps that an organisation should take to secure corporate email communications. 

  1. Continuous cybersecurity awareness training – Humans are always the weakest link. No technology provides 100% protection. User awareness and the resulting user feedback will complement and strengthen the organisation’s email security objectives and fine-tune email attack detection.
  2. Implement strong user authentication – A user’s email account contains a vast amount of sensitive information. Even if sensitive data like payroll or research and development data isn’t contained within emails – or stored in cloud-based accounts linked to these email addresses – the information about internal relationships that email contains can be invaluable for a social engineer planning a spear-phishing campaign.
  3. ML-based email security solutions with DLP – Modern-day email attacks have become very sophisticated and go undetected with traditional signature-based solutions. A Machine Learning-based email security solution with data leakage protections is the right recipe for the current threat landscape.
  4. Implement robust endpoint security – Security should be enforced based on a strategy of defence in depth. In addition to email security solutions, an organisation should have an integrated endpoint security solution as the last line of defence. Endpoint security can help to detect and remediate malware infections that escaped other security defences.

Magni Reynir Sigurðsson, Senior Manager of Detection Technologies at Cyren

Return on investment (ROI) is one of the key drivers for all businesses, including SMEs. Unfortunately, cybercriminals have a similar strategy, making email phishing the go-to approach for many modern-day cyberattacks simply because it’s a relatively straightforward and cost-effective technique – particularly given the recent proliferation of phishing kits.  

Essentially an all-in-one ‘starter-pack’ for planning, setting up and launching a phishing attack, phishing kits provide attackers with all the tools they need and are accessible via a simple search on the Dark Web. Moreover, they are low cost, with the average phishing kit costing just US$70, and because these kits are not sophisticated or highly technical tools, even amateur criminals can use them quickly and easily. All these factors increase the likelihood that an SME will be targeted by an email phishing attack.

In fact, SMEs are particularly vulnerable to phishing attacks because they often lack the dedicated security team that you find within larger organisations. Without this consistent protection, SMEs are at higher risk from attackers who view them as easier targets. If phished successfully, not only do cybercriminals have access to credentials within an organisation, but they can go on to use that access to launch further attacks targeting the organisation or its supply chain.  

Security Awareness Training (SAT) is a common and often mandated step to increase an SME’s technological defence. SAT teaches employees to recognise the basic signs of a phishing attack, such as spelling errors, incorrect logos and inconsistent font size. By including all employees and educating them on their importance within defence, an SME can establish a culture of security.

SAT programmes aim to make users less ‘phishable’ and usually lead to users having the tools and workflows to report suspicious emails to the company’s helpdesk or security staff for analysis. However, this subsequently leads to an increase in the number of email alerts that already-burdened SME security teams must investigate.

SAT alone will never be enough to keep increasingly sophisticated phishing attacks at bay because humans are fallible, and a single phishing email fooling just one employee can be enough to facilitate an SME’s demise. Email attacks are often successful because an employee is distracted as opposed to ignorant. Therefore, organisations must continually improve their automated detection and response capabilities to reduce the reliance on employees to spot and report phishy emails.

Third-party secure email gateways and native cloud security capabilities were designed to block spam and other well-known or readily detected threats. Today’s targeted phishing, business email compromise and ransomware attacks easily evade these technologies, a fact well supported by outages and financial losses constantly making headlines. Clearly then, a different strategy is needed and the solution for organisations, SMEs included, is to implement a resilient, layered security strategy.

Ed Williams, EMEA Director of Trustwave SpiderLabs 

Some of the most significant threats organisations face come in through email as it has a number of advantages as an effective attack vector for hackers, enabling them to surreptitiously launch threats such as spam, malware, phishing attacks, Business Email Compromise, account takeover and ransomware. End users receive email messages whether they like it or not and email can be easily spoofed to appear legitimate.   

Trustwave’s own 2021 Email Threat Report found that in 2020 the proportion of malicious attachments in spam increased, with widely used Microsoft documents, namely Word and Excel, being the most common way attackers delivered malware through email. What’s more, Business Email Compromise (BEC) scams had continued to have a significant impact on organisations.  

Most recently, our research team discovered threat actors appending malicious files to an unsuspecting file format to evade detection and deliver info stealer Vidar malware to the user.  

No matter the size of your organisation, protecting your email environment should be one of your top priorities. In order to protect the email attack surface there are a number of measures SMEs can take.   

Firstly, keep software updated. Many email attacks succeed because of unpatched client software so keeping programmes, like Adobe Reader, fully patched is important. Ensure that good security practices like multi-factor authentication (MFA) and robust passwords are applied to email SaaS implementations. If appropriate, we’d also recommend that anti-spoofing best practices are applied.   

Secondly, deploy an email security gateway to check potentially malicious or phishing links coming into corporate inboxes. Implementing software to catch malicious emails before they even reach employees is a very helpful and effective preventative measure.    

Lastly, educate your users. Cybercriminals are masters of social engineering and their emails are becoming more believable by the day. It’s vital that organisations inform their employees on the nature of today’s email attacks to ensure they have their wits about them and know what to do should they find a suspicious email lurking in their inbox. To take this a step further, conducting mock phishing exercises against your staff helps to demonstrate just how real the threat is while also highlighting how legitimate the emails can seem. 
