Abnormal Security Email Threat Report H1 2022 - The Findings
Abnormal Security has recently released its H1 2022 Email Threat Report covering data from June to December 2021. As modern threats continue to increase in volume, severity and sophistication, the report unveils trends and insights and offers pragmatic predictions for 2022. We’ll be summarising the key statistics of this report and how you can stay ahead of cybercriminals in the coming year and beyond.
Key Trends and Insights
According to the report, today’s modern attacks use high-value strategies that rely on social engineering to trick recipients into sending money or divulging sensitive information. The problem with these attacks is that they don’t contain the normal indicators of compromise, enabling them to evade secure email gateways and traditional defences. There are four key trends highlighted within the report:
1. The Volume of Email Attacks Continued to Rise
As email security has improved over the last year, some might have expected the number of email attacks to drop. Data from the report shows the opposite to be true:
- During the last half of 2021, the overall attack volume increased by 10.33%.
- Scams and BEC attacks rose, whilst credential phishing dropped slightly.
- Cybercriminals are seeing more success with text-based attacks that bypass traditional security tools.
2. There Was an Increase in Phone Scams
An emerging malware tactic that increased dramatically during the second half of 2021 was the use of phone fraud. Instead of traditional voice phishing (vishing) tactics, these attacks started with a phishing email and directed users to call scammers. While geared towards consumers, cybercriminals were clearly willing to scam organisations too. Some key statistics were:
- Over half of all organisations received at least one attack.
- The probability of an attack peaked in December at 89%.
- Education and religious organisations had a higher chance of receiving an attack.
- Larger organisations had the greatest probability of receiving an attack.
3. Vendor Email Compromise (VEC) Risk Continued to Be a Concern
Vendor Email Compromise or supply chain compromise aims to phish for vendor email credentials, access email accounts and then use compromised accounts to attack partners. The attack technique is incredibly successful and dangerous:
- Over a quarter of all Abnormal customers were targeted every week.
- The average attack size remained at $183,000.
- There was a 67% chance of receiving a VEC attack in H2 2021.
- As with phone fraud, larger organisations were most at risk due to the volume of mailboxes.
- Organisations with 50,000+ employees had a 96.7% chance of receiving an attack from their supply chain every week.
4. Business Email Compromise (BEC) Became a Bigger Threat
Despite increased awareness of BEC, the threat vector went up another level in 2021 as cybercriminals saw success by pivoting their impersonation strategy:
- The number of BEC attacks per 1,000 mailboxes nearly doubled.
- There was an 84% increase in the number of BEC attacks.
- There was a 32.7% decrease in attacks impersonating executives, but those same executives received 24% more attacks.
- 87.7% of all BEC attacks targeted general employees.
- Executives were the most commonly impersonated party in attacks that targeted other executives.
- Small businesses received the most BEC attacks per mailbox as attackers targeted specific roles.
- There was a 95% chance of receiving a BEC attack each week for organisations with 50,000+ employees, which is not surprising given the sheer volume of mailboxes.
- Retail and agriculture were at the highest risk, with an 82.3% chance of receiving at least one BEC attack each week.
What to Expect in the Future?
The report serves as a solid reminder to expect an increase in modern attacks such as BEC and VEC as we move through 2022. Cybercriminals will continue to shift tactics to avoid defences and scam victims. Emails are no longer dependent on malicious attachments and links - the traditional indicators of compromise. Modern attacks will continue to increase both in volume and severity in 2022, but they can be stopped with the right solutions in place. If you would like to have enhanced protection and deeper, timely, more actionable insights, contact InfoTrust today for a consultation on Abnormal Security’s cloud-native, API-based solution.
If you’d like to learn more about Abnormal Security’s findings or to read the full report, download the H1 2022 Email Threat Report today.