Early and late afternoon are worst times for malicious email
Human Layer Security company Tessian has analysed two million malicious emails flagged by its inbound email security solution, Tessian Defender, between July 2020 and July 2021 to find out how they slipped past existing defences, such as secure email gateways, and which tactics cybercriminals use to carry out advanced spear phishing attacks.
Its analysis shows that malicious emails spike in the last three months of the year, with 45% more malicious emails detected in October, November and December 2020 than in the preceding quarter.
November 2020 saw the biggest spike, with around 90,000 malicious emails detected in the week of the Black Friday sales.
Malicious emails are typically delivered around 2 p.m. and 6 p.m. in the hope that one will get past a tired or distracted employee. The most popular techniques are display name spoofing, where the attacker changes the sender’s name to someone the target recognises (used in 19% of detected threats), and domain impersonation, where the attacker sets up an email address that looks like a legitimate one (11%).
The five most impersonated brands during the period in question were Microsoft, ADP, Amazon, Adobe Sign and Zoom.
Tessian Chief Information Security Officer Josh Yavor said: “Gone are the days of bulk spam and phishing attacks, and here to stay are highly targeted spear phishing emails. Why? Because they reap the biggest rewards. The problem is that these types of attack are evolving every day. Cybercriminals are always finding ways to bypass detection and reach employees’ inboxes, leaving people as organisations’ last line of defence. It’s completely unreasonable to expect every employee to identify every sophisticated phishing attack and not fall for them. Even with training, people will make mistakes or be tricked. Businesses need a more advanced approach to email security to stop the threats that are getting through.”
Two thirds of organisations have raised employee awareness around security threats (67%) and provided training on cybersecurity (66%) to meet the challenges of remote working. Even so, 76% of IT purchases are being made without direct approval from IT teams (source: Digital Readiness Survey, ManageEngine, the enterprise IT management division of Zoho Corporation). manageengine.com
Bad bot alert
Automated traffic makes up nearly two thirds of all internet traffic (64%), with bad bots accounting for 39% of the total, claims Barracuda Networks in a new report, Bot attacks: Top Threats and Trends – Insights into the growing number of automated attacks. Bad bots include basic web scrapers and attack scripts, as well as advanced persistent bots that try to evade standard defences and carry out malicious activities under the radar. North America accounts for 67% of bad bot traffic, followed by Europe (22%) and Asia (7.5%).