Join Transform 2021 for the most important themes in enterprise AI & Data. Learn more.
Cloud computing’s benefits are well understood — it enables businesses of all sizes to access powerful compute resources that expand and contract according to their needs and focus on their core business rather than maintaining infrastructure. But the cloud can also offer nefarious actors easy access to valuable and sensitive data, as evidenced by the steady stream of high-profile breaches.
As all the major cloud providers continue to invest in new security products for their customers and businesses themselves expend considerable resources on bolstering their cloud security, hackers are adopting more sophisticated methods to infiltrate cloud defenses. However, a new report from cybersecurity giant Trend Micro suggests cybercriminals are still applying age-old methods to attack email, which remains one of the most reliable cloud attack vectors.
Secure access
According to Trend Micro’s fourth annual Cloud App Security Threat Report, “high-risk” email threats rose by 32% in 2020 compared to the previous year. More specifically, the company reported a double-digital increase in detections spanning malware, credential theft, and phishing emails.
The data was derived from businesses that used Trend Micro’s Cloud App Security software over the past year, though the company didn’t name any names. “We do not disclose our customers, but they vary from small business all the way to very large enterprises,” Jon Clay, Trend Micro’s director of global threat communications, told VentureBeat.
Cloud App Security, which works with both Microsoft Exchange Online and Gmail, as well as other cloud-based services such as Salesforce, OneDrive, SharePoint, Teams, Google Drive, Box, and Dropbox, is deployed by businesses using APIs in a direct cloud-to-cloud integration. Last year, the company said it detected and blocked 16.7 million high-risk email threats in Microsoft and Google’s respective email offerings, up substantially from the 12.7 million it detected the year before.
Moreover, the company said it detected more than 755,000 email threats in a single organization that claims 10,000 Microsoft 365 users. The threats consisted mostly of malicious URLs and phishing links, with a smattering of malware files and business email compromise (BEC) attempts. And all this happened after Microsoft 365’s built-in security smarts had already scanned the incoming emails. Clay says this was one of the most surprising findings in the latest report.
Above: Trend Micro: Cloud App Security Threat Report 2020
It is worth noting that while cloud-based services have been integral for businesses forced to transition to remote work during the pandemic, they have also proved fertile feeding ground for hackers looking to exploit weak security among people working from home. Trend Micro’s U.K. technical director Bharat Mistry says this largely accounts for the email threat landscape’s current state.
“The increase is primarily down to the sheer volume of new threats we are seeing as cyber criminals look to leverage the mobile and work-from-home workforce and [entice] them into clicking or downloading malicious content on the pretext of providing information or access to things like registering for COVID-19 vaccines, and so on,” Mistry added.
Email won’t die
While there has been a great hullabaloo around slick modern communications tools such as Slack (soon to be a $27.7 billion Salesforce subsidiary), reports suggest that at least 80% of businesses still use email as their primary communication tool. This is particularly true for communications with customers, businesses, and other external parties, and it’s why a slew of email-centric technology companies continue to raise sizable sums of money from investors, spanning email security, data-driven email delivery, and even signature management.
All this highlights the reason email remains an attractive target for would-be hackers — everyone uses it. “Typical years, 90% of threats detected across our customer base are email,” Clay said. “The significant trend that is concerning is the amount of email account credential attacks we saw, as most malicious actors are primarily targeting this in their attacks. Gaining access to an employee’s email account allows them to perpetrate malicious attacks a lot easier than using spoofed accounts.”
Other notable figures to emerge from Trend Micro’s latest report include the rise of malware inside emails, which increased 16% last year to 1.2 million detections and included a significant number of Emotet and Trickbot attacks, which often precede targeted ransomware attacks. Elsewhere, Trend Micro detected 6.9 million phishing emails, up 19% year-on-year, while credential phishing attained the lofty figure of 5.5 million attempts, up 14%.
Interestingly, detections of BEC, a scam that targets businesses that carry out wire transfers with suppliers abroad, fell by 18% overall. However, a separate report last year from the nonprofit international consortium Anti-Phishing Working Group (APWG) noted that the average wire transfer loss from BEC attacks actually grew 48% between Q1 and Q2 2020. Trend Micro hypothesized that BEC actors might be sacrificing quantity in favor of bigger or more targeted attacks.
The report comes as Microsoft revealed that a cyberespionage group linked with China had been remotely accessing email inboxes using flaws in Microsoft Exchange mail server software. Following the revelation, Trend Micro was able to release an update for its intrusion prevention system (IPS) filters, which detect known network security threats. “This can help customers now who may be targeted with those exploits,” Clay said. “We also have network scanning solutions that could detect exploits within network traffic. As for protecting emails, our AI and machine learning technologies could detect malicious use of emails, such as spam, phishing, or spearphishing.”
