Abnormal Security has recently released its H1 2022 Email Threat Report covering data from June to December 2021. As modern threats continue to increase in volume, severity and sophistication, the report unveils trends and insights and offers pragmatic predictions for 2022. We’ll be summarising the key statistics of this report and how you can stay ahead of cybercriminals in the coming year and beyond.
According to the report, one of today’s modern attacks use high-value strategies that rely on social engineering to trick recipients into sending money or divulging sensitive information. The problem with these attacks is that they don’t contain the normal indicators of compromise, enabling them to evade secure email gateways and traditional defences. There are four key trends highlighted within the report:
1. The Volume of Email Attacks Continued to Rise
As email security has improved over the last year, some might have expected the number of email attacks to drop. Data from the report shows the opposite to be true:
2. There Was an Increase in Phone Scams
An emerging malware tactic that increased dramatically during the second half of 2021 was the use of phone fraud. Instead of traditional voice phishing (vishing) tactics, these attacks started with a phishing email and directed users to call scammers. While geared towards consumers, cybercriminals were clearly willing to scam organisations too. Some key statistics were:
3. Vendor Email Compromise (VEC) Risk Continued to Be a Concern
Vendor Email Compromise or supply chain compromise aims to phish for vendor email credentials, access email accounts and then use compromised accounts to attack partners. The attack technique is incredibly successful and dangerous:
4. Business Email Compromise (BEC) Became a Bigger Threat
Despite increased awareness of BEC, the threat vector went up another level in 2021 as cybercriminals saw success by pivoting their impersonation strategy:
The report serves as a solid reminder to expect an increase in modern attacks such as BEC and VEC as we move through 2022. Cybercriminals will continue to shift tactics to avoid defences and scam victims. Emails are no longer dependent on malicious attachments and links - the traditional indicators of compromise. Modern attacks will continue to increase both in volume and severity in 2022 but they can be stopped with the right solutions in place. If you would like to have enhanced protection and deeper, timely, more actionable insights, contact Infotrust today for a consultation on Abnormal Security’s cloud-native API based solution.