Abnormal Security Email Threat Report H1 2022 - The Findings

Abnormal Security has recently released its H1 2022 Email Threat Report covering data from June to December 2021. As modern threats continue to increase in volume, severity and sophistication, the report unveils trends and insights and offers pragmatic predictions for 2022. We’ll be summarising the key statistics of this report and how you can stay ahead of cybercriminals in the coming year and beyond.

KEY TRENDS AND INSIGHTS

According to the report, one of today’s modern attacks use high-value strategies that rely on social engineering to trick recipients into sending money or divulging sensitive information. The problem with these attacks is that they don’t contain the normal indicators of compromise, enabling them to evade secure email gateways and traditional defences. There are four key trends highlighted within the report:

1. The Volume of Email Attacks Continued to Rise

As email security has improved over the last year, some might have expected the number of email attacks to drop. Data from the report shows the opposite to be true:

• During the last half of 2021, the overall attack volume increased by 10.33%.
• Scams and BEC attacks rose, whilst credential phishing dropped slightly.
• Cybercriminals are seeing more success with text-based attacks that bypass traditional security tools.

2. There Was an Increase in Phone Scams

An emerging malware tactic that increased dramatically during the second half of 2021 was the use of phone fraud. Instead of traditional voice phishing (vishing) tactics, these attacks started with a phishing email and directed users to call scammers. While geared towards consumers, cybercriminals were clearly willing to scam organisations too. Some key statistics were:

• Over half of all organisations received at least one attack.
• The probability of an attack peaked in December at 89%.
• Education and religious organisations had a higher chance of receiving an attack.
• Larger organisations had the greatest probability of receiving an attack.

3. Vendor Email Compromise (VEC) Risk Continued to Be a Concern

Vendor Email Compromise or supply chain compromise aims to phish for vendor email credentials, access email accounts and then use compromised accounts to attack partners. The attack technique is incredibly successful and dangerous:

• Over a quarter of all Abnormal customers were targeted every week.
• The average attack size remained at $183,000.
• There was a 67% chance of receiving a VEC attack in H2 2021.
• As with phone fraud, larger organisations were most at risk due to the volume of mailboxes.
• Organisations with 50,000+ employees had a 96.7% chance of receiving an attack from their supply chain every week.

4. Business Email Compromise (BEC) Became a Bigger Threat

Despite increased awareness of BEC, the threat vector went up another level in 2021 as cybercriminals saw success by pivoting their impersonation strategy:

• The number of BEC attacks per 1,000 mailboxes nearly doubled.
• There was an 84% increase in the number of BEC attacks.
• There was a 32.7% decrease in attacks impersonating executives, but those same executives received 24% more attacks.
• 87.7% of all BEC attacks targeted general employees.
• Executives were the most common impersonated party in attacks that targeted other executives.
• Small businesses received most BEC attacks per mailbox as attackers targeted specific roles.
• There was a 95% chance of receiving a BEC attack each week for organisations with 50,000+ employees. Not surprising, due to the sheer volume of mailboxes.
• Retail and agriculture were at the highest risk, with an 82.3% chance of receiving at least one BEC attack each week.

WHAT TO EXPECT IN THE FUTURE?

The report serves as a solid reminder to expect an increase in modern attacks such as BEC and VEC as we move through 2022. Cybercriminals will continue to shift tactics to avoid defences and scam victims. Emails are no longer dependent on malicious attachments and links - the traditional indicators of compromise. Modern attacks will continue to increase both in volume and severity in 2022 but they can be stopped with the right solutions in place. If you would like to have enhanced protection and deeper, timely, more actionable insights, contact Infotrust today for a consultation on Abnormal Security’s cloud-native API based solution.