Remote and hybrid work environments have become the new norm. As email has become increasingly integral to your business operations, malicious actors have come to favor it as an attack vector. In 2022, Trend Micro™ Cloud App Security discovered nearly 40 million high-risk email threats, in addition to those detected by built-in Microsoft 365 and Google Workspace security. As threat actors become stealthier and more organized, it’s more important than ever to take your organizational defenses beyond native security.
While the recent expansion of work from home (WFH) and hybrid labor forces caused gaps in cloud security to be exploited, cybercriminals continued to leverage blind spots in email services’ built-in security. In fact, 54% of all threats blocked by Trend Micro in 2022 were email threats.
Unfortunately, built-in security for popular email services, like Microsoft 365 and Google Workspace, is simply not enough to stop malicious emails from infiltrating enterprises. Tools like Cloud App Security have become a vital part of your defense strategy, as this security platform supplements built-in security and acts as a second layer of defense that can catch highly evasive and complex threats.
Malware attacks surged, known malware detections dropped
Trend detected and blocked 4.3 million malicious files in 2022. This represents a 29% rise when compared to 2021. The number of unknown malware threats also spiked to 3.8 million, indicating a substantial 46% surge. Nevertheless, it is important to mention that the number of known malware files dropped to 505,838, representing a 32% decline.
This drop in detections can be ascribed to a measure implemented by Microsoft in mid-2022. During this period, Microsoft took action to prevent the execution of macro programs in Microsoft 365 documents, particularly those obtained from the internet or received as email attachments. Over the past seven years, the prevailing method for initial access has been through Microsoft 365 documents containing malicious macros, commonly distributed to targets via email.
Phishing remains a common attack method
According to a report by security company Egress, 92% of organizations fell victim to phishing attacks in 2022. This accounts for the 29% increase in phishing incidents from 2021, where we detected and blocked a total of over 21 million attacks.
We also observed a 45% growth in phishing attacks detected via spam count in 2022, with close to 15 million total detections.
Phishing attacks aimed at stealing info and data, also known as credential phishing, saw a 4% growth in 2022, with nearly 7 million detections. Trend also saw minimal growth for both known and unknown credential phishing detections at 1% and 2%, respectively.
However, 239,777 credential phishing links were discovered via Computer Vision, an image analysis and machine learning (ML) technology that detects credential phishing emails by checking site content like branded elements and login forms. Our findings represent a whopping 205% increase compared to the 78,556 detections found in 2021.
BEC continues to be a lucrative attack option
Trend Research disclosed that business email compromise (BEC) detections rose to 383,928 in 2022, a growth of 35%. The number of BEC attacks that were detected via Trend Micro™ Writing Style DNA reached 134,894, while 249,034 were detected through the anti-spam engine, representing a massive 66% increase.
Cybercriminals continued to evolve their tactics to take advantage of new work setups. Trend Research determined that BEC actors mostly impersonated executives or high-ranking management personnel by spoofing general employees’ names. The arrival of sophisticated chat AI tools is expected to make cybercriminals more adept at these types of spoofs.
Visibility across the enterprise is paramount in the new normal of remote and hybrid work environments. You need to continually discover, assess, and mitigate risk across your digital attack surface to keep your users secure and the business out of the headlines.
To gain comprehensive visibility, cybersecurity leaders should leverage a SaaS-based platform that supplements the built-in security features in email platforms like Microsoft 365 and Google Workspace.
SaaS-based solutions like Cloud App Security are easy to set up, use sophisticated techniques like ML, and are part of our Trend Vision One™ platform. This single, modern, cloud-native security operations platform delivers key capabilities like powerful purpose-built XDR, attack surface management, and zero-trust capabilities so you can move faster than your adversaries and protect business operations.
Learn more about the facts and figures of email threats for 2022 as well as mitigation strategies in our exclusive email threat landscape report: Cybercriminal Tactics, Techniques That Organizations Need to Know.