Analysis of Half-a-Billion emails reveals Malware-Less email attacks are on the rise


FireEye analyzed over half a billion emails from the first half of 2018 and found that 32% of email traffic in that period was considered ‘clean’ and actually delivered to an inbox.

The report also found that 1 in every 101 emails had malicious intent. Compared to the previous six-month period, the changes in both of these numbers show that email-based threats continue to increase.

“From malware to malware-less attacks including impersonation attacks like CEO fraud, a single malicious email can cause significant brand damage and financial losses. By choosing an email security solution with features based on real-time knowledge gained from the frontlines, and by teaching users to always ensure they are communicating with who they think they are, organizations can better defend against attacks,” said Ken Bagnall, VP of email security at FireEye.

Email reliance continues, cyber criminals adapt

With email security solutions focused on detecting malware, cyber criminals are now adapting their attacks, exposing organizations to malware-less assaults such as CEO fraud. In fact, the majority of attacks blocked (90%) during analysis were malware-less, with phishing attacks alone making up 81% of the blocked malware-less emails, almost doubling from January to June 2018.

The data also indicates that phishing attacks will continue to rise, while impersonation attacks (which were at 19%) remain relatively proportional to the total number of attacks seen. Because it takes only one email to potentially impact an entire organization, the protection of this data must be taken seriously.

Other notable email attack trends

While the overall number of attacks stayed fairly consistent each month during the evaluated six-month period, a few notable trends stuck out relative to when and how attackers struck:

  • Malware-based attacks were most common on Mondays and Wednesdays.
  • Malware-less attacks, including domain name spoofing and attacks using a spoofed friendly user name, were most likely to occur on a Thursday, with the exception of newly existing domains, which peaked on Wednesdays instead.
  • Impersonation attacks were most likely to fall on a Friday.
  • On weekends, malware-less attacks continued to be more prevalent than malware-based attacks, with domain name spoofing attacks and newly existing domains being the most likely among them.

The information is gathered from Help Net Security.