Cloud-based email threats capitalise on chaos of COVID-19

Trend Micro reports a rise of more than 30 per cent year-on-year

In 2020, cloud security company, Trend Micro, blocked 16.7 million high-risk email threats that slipped past webmail providers’ native filters – an increase of nearly one-third on 2019 figures.

The new statistics are provided by Trend Micro’s Cloud App Security (CAS), an API-based solution that provides second-layer protection for Microsoft Exchange Online, Gmail, and a host of other services. Detections of malware, credential theft and phishing emails all recorded double-digit year-on-year increases in 2020, while BEC volumes dropped slightly.

Malware-laden emails: Trend Micro detected 1.1 million emails containing malware that would otherwise have appeared in users’ inboxes, up 16 per cent on 2019 figures. These included many Emotet and Trickbot attacks which are often the precursor to targeted ransomware.

Phishing: The company intercepted more than 6.9 million phishing emails in 2020, a 19 per cent increase from the previous year. Discounting credential phishing, the number of threats in this category surged 41 per cent over the period. COVID-19 was a common lure, as were big-name brands like Netflix that have become popular during the pandemic. Attackers were typically looking for personal and financial information to monetise.

Credential phishing: Trend Micro detected nearly 5.5 million attempts to steal users’ credentials that were allowed through by existing cloud native security filters. This was a 14 per cent increase on 2019 and accounted for the vast majority of detected phishing emails. Attackers are increasingly supplementing these with phone-based vishing attacks.

Business email compromise (BEC): Although BEC detections declined 18 per cent year-on-year, average losses continue to rise — increasing 48 per cent from the first to the second quarter of 2020.

“COVID-19 forced many organisations to accelerate their digital adoption plans, and SaaS apps have become indispensable to remote workers,” Trend Micro technical director, Mick McCluney, said. “However, where there are users, there are also threats and we’ve seen a spike in attacks targeting organisations’ perceived weakest link during the pandemic.”