Attacks carried out through email increased in frequency, intensity and sophistication in 2022, according to the Email Security Annual Report 2023 from Coffee Intelligence. According to the company, dedicated to email security, in 2022 there was a 569% increase in the reception of malicious emails with phishing.
In addition, emails with phishing attempts to steal access credentials to various accounts also increased by 478%, and malware in general by 44%. In view of these figures, phishing continues to be one of the most effective attack methods. Among other things, due to its simplicity and the ability to reach all kinds of people and entities through email.
While more advanced malware attacks can attract more attention and generate more headlines, phishing attacks are very often responsible for cybercriminals gaining access to critical data across all types of entities and businesses.
This is not the only type of attack that experienced notable growth among attacks carried out through email in 2022. According to Cofense, in addition to credential phishing, there was also a significant rise in attacks in which email email is compromised. This increase may be due to users being more prepared and cautious, leading to these attacks being more easily detected and reported.
In order for them to detect these attacks, the best thing companies and organizations can do is train their staff. Above all, through training are simulated situations. Having practice with them will make it easier for them to identify these attacks in real life, and report them to the company’s IT and security teams, which will undoubtedly facilitate their work and improve the security of the entity.
Once notified of a possible attack via email, organizations can check if other users have received the same type of message, or activate various security controls. Businesses typically have multiple layers of security in place.
Among them are network firewalls, gateways to take care of email security or threat detection and response systems at the endpoint. But it’s not enough. IT managers and their team members need to stay up to date on the development of phishing threats. If they are, they will be able to continually improve their security controls.
The latter is very important, since cyber attackers do not stop updating and refining their attack tactics, so that their attempts can overcome security barriers. Currently, cybercriminals are using new types of files for their attacks, with the aim of fooling the detection mechanisms of harmful files.
In addition, their login mechanisms increasingly use mechanisms to bypass geographic protections, as well as detection of user behavior. So they can bypass security checks and secure sandboxes.
On the other hand, as companies continue to move services and systems to the cloud, in order to operate mostly from the cloud, attackers are dedicated more and more to exploit the services offered by cloud providers. For this reason, company security teams have to be aware of the evolution of cyberattacks and malware in order to prevent damage and unauthorized access to sensitive information.