Abnormal Security Email Threat Report H1 2022 - The Findings
Abnormal Security has recently released its H1 2022 Email Threat Report covering data from June to December 2021. As modern threats continue to increase in volume, severity and sophistication, the report unveils trends and insights and offers pragmatic predictions for 2022. We’ll be summarising the key statistics of this report and how you can stay ahead of cybercriminals in the coming year and beyond.
Key Trends and Insights
According to the report, today’s modern attacks use high-value strategies that rely on social engineering to trick recipients into sending money or divulging sensitive information. The problem with these attacks is that they don’t contain the normal indicators of compromise, enabling them to evade secure email gateways and traditional defences. There are four key trends highlighted within the report:
1. The Volume of Email Attacks Continued to Rise
As email security has improved over the last year, some might have expected the number of email attacks to drop. Data from the report shows the opposite to be true:
- During the last half of 2021, the overall attack volume increased by 10.33%.
- Scams and BEC attacks rose, whilst credential phishing dropped slightly.
- Cybercriminals are seeing more success with text-based attacks that bypass traditional security tools.
2. There Was an Increase in Phone Scams
An emerging malware tactic that increased dramatically during the second half of 2021 was the use of phone fraud. Instead of traditional voice phishing (vishing) tactics, these attacks started with a phishing email and directed users to call scammers. While geared towards consumers, cybercriminals were clearly willing to scam organisations too. Some key statistics were:
- Over half of all organisations received at least one attack.
- The probability of an attack peaked in December at 89%.
- Education and religious organisations had a higher chance of receiving an attack.
- Larger organisations had the greatest probability of receiving an attack.
3. Vendor Email Compromise (VEC) Risk Continued to Be a Concern
Vendor Email Compromise or supply chain compromise aims to phish for vendor email credentials, access email accounts and then use compromised accounts to attack partners. The attack technique is incredibly successful and dangerous:
- Over a quarter of all Abnormal customers were targeted every week.
- The average attack size remained at $183,000.
- There was a 67% chance of receiving a VEC attack in H2 2021.
- As with phone fraud, larger organisations were most at risk due to the volume of mailboxes.
- Organisations with 50,000+ employees had a 96.7% chance of receiving an attack from their supply chain every week.
4. Business Email Compromise (BEC) Became a Bigger Threat
Despite increased awareness of BEC, the threat vector went up another level in 2021 as cybercriminals saw success by pivoting their impersonation strategy:
- The number of BEC attacks per 1,000 mailboxes nearly doubled.
- There was an 84% increase in the number of BEC attacks.
- There was a 32.7% decrease in attacks impersonating executives, but those same executives received 24% more attacks.
- 87.7% of all BEC attacks targeted general employees.
- Executives were the most common impersonated party in attacks that targeted other executives.
- Small businesses received most BEC attacks per mailbox as attackers targeted specific roles.
- There was a 95% chance of receiving a BEC attack each week for organisations with 50,000+ employees, which is not surprising given the sheer volume of mailboxes.
- Retail and agriculture were at the highest risk, with an 82.3% chance of receiving at least one BEC attack each week.
What to Expect in the Future?
The report serves as a solid reminder to expect an increase in modern attacks such as BEC and VEC as we move through 2022. Cybercriminals will continue to shift tactics to avoid defences and scam victims. Emails are no longer dependent on malicious attachments and links, the traditional indicators of compromise. Modern attacks will continue to increase in both volume and severity in 2022, but they can be stopped with the right solutions in place. If you would like to have enhanced protection and deeper, timely, more actionable insights, contact InfoTrust today for a consultation on Abnormal Security’s cloud-native, API-based solution.
If you’d like to learn more about Abnormal Security’s findings or to read the full report, download the H1 2022 Email Threat Report today.