Cloud-based spam email threats benefit from COVID-19. Trend Micro has seen a surge in malware, phishing and credential theft, reporting 16,7 million blocked high-risk email threats that went undetected by the native filters of cloud-based Office solutions. This corresponds to an increase of almost a third compared to 2019.
The new statistics are provided by Trend Micro's Cloud App Security, an API-based solution that provides protection for Microsoft Exchange Online, Gmail and a number of other services at a second level of security.
Indispensable: SaaS apps for remote employees
“COVID-19 forced many companies to accelerate their digital transformation. SaaS apps for remote workers have become indispensable for this. But where there are users, there are also threats and during the pandemic we observed an increase in attacks on the supposedly weakest link in companies, ”says Richard Werner, Business Consultant at Trend Micro. "Trend Micro Cloud App Security is essential to adding that extra layer of security - each of these nearly 17 million previously overlooked threats poses a risk to ransomware, fraud, and corporate data theft."
In 2020, the detection rates for malware, the theft of access data and phishing emails all recorded double-digit growth compared to the previous year. The BEC volume, on the other hand, fell slightly.
Malware in email
Trend Micro detected 1,1 million emails with malware that would otherwise have ended up in users' inboxes - an increase of 16 percent compared to 2019. These included many Emotet and Trickbot attacks, which are often the precursor to targeted ransomware.
Phishing
Trend Micro intercepted over 2020 million phishing emails in 6,9, an increase of 19 percent over the previous year. Disregarding credential phishing, the number of threats in this category rose by as much as 41 percent over the same period. COVID-19 and well-known brands such as Netflix, which gained popularity in the wake of the pandemic, were often used as bait. Most of the time, the attackers were looking for personal information and financial data in order to monetize them.
Credential phishing
Trend Micro discovered nearly 5,5 million attempted theft of user credentials that had passed through existing cloud-native security filters. This 14 percent increase compared to 2019 was responsible for the vast majority of phishing emails detected. Attackers increasingly combined this with telephone-based vishing attacks (“voice phishing”).
Business Email Compromise (BEC)
Although BEC detections were down 18 percent year over year, the average losses continued to rise - they increased 2020 percent from Q48 to QXNUMX XNUMX.
Trend Micro Cloud App Security offers comprehensive, layered protection for platforms such as Microsoft 365 and Google Workspace via:
- Machine learning-based writing style recognition (Writing Style DNA) to prevent BEC
- Computer vision and artificial intelligence (AI) to detect credential phishing
- Sandbox malware analysis
- Detection of document exploits
- File, email, and web reputation technologies
- Data Loss Prevention (DLP)
- Trend Micro's Vision One, a comprehensive XDR solution for investigation, detection and response on all endpoints, email, on the network and on servers.
More on this in the Threat Report 2020 at TrendMicro.com
About Trend Micro As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.