As email remains a common infection vector because of how easily it can be abused, attackers continue to take advantage of it by crafting threats that are both persistent and massive in number. In 2018 alone, the Trend Micro™ Cloud App Security™ solution blocked 8.9 million high-risk email threats that had already passed Office 365’s built-in security. The vulnerable nature of email is further evidenced in a new Avanan report, which found that of 546,247 phishing attacks deployed against Office 365, 25% were able to bypass its security.
The report looked into 55.5 million emails sent to Office 365 and G Suite and found that one in every 99 emails is a phishing attack. In the report’s breakdown of phishing attacks, malware phishing, i.e., the use of a phishing email to install malware on the victim’s device, accounted for 50.7%; credential harvesting, 40.9%; extortion, 8%; and spear phishing, 0.4%.
Schemes used in phishing and other email-based attacks
The Avanan report also noted that brand impersonation, a display name deception tactic, was widely used by cybercriminals to get a victim to click on a malicious link or inadvertently give out account credentials to a bogus login page. The report said that there is probably at least one phishing email in every 25 branded emails.
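Display name deception of the kind described above can be checked mechanically at the gateway or in a triage script: the name the recipient sees is compared with the domain the mail actually came from. The following Python is an added example written for this page, not Trend Micro’s or Cloud App Security’s code; the brand-to-domain table, the sample headers and the domains in them are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed table of the domains a brand legitimately sends from.
# This is an assumption for the example; a real deployment keeps its own list.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "microsoftonline.com"},
    "office 365": {"microsoft.com", "microsoftonline.com"},
    "google": {"google.com"},
    "paypal": {"paypal.com"},
}

# An e-mail address written inside the display name, e.g. "ceo@corp.example" <x@other>
EMAIL_IN_NAME = re.compile(r"[\w.+-]+@(?:[\w-]+\.)+[\w-]+")


def registrable_domain(address):
    """Domain of an address, lowercased; naive last-two-labels rule."""
    domain = address.rpartition("@")[2].lower()
    labels = domain.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain


def check_display_name(from_header):
    """Return findings for one From: header value.

    brand_mismatch   - the display name names a brand, but the sending domain
                       is not one that brand uses
    embedded_address - the display name contains an e-mail address that differs
                       from the real sender address
    """
    name, addr = parseaddr(from_header)
    findings = []
    if not addr:
        return findings
    sender_domain = registrable_domain(addr)
    lowered = name.lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in lowered and sender_domain not in domains:
            findings.append(("brand_mismatch", brand, sender_domain))
    match = EMAIL_IN_NAME.search(name)
    if match and registrable_domain(match.group(0)) != sender_domain:
        findings.append(("embedded_address", match.group(0), addr))
    return findings


def scan_message(raw_message):
    """Parse a raw RFC 5322 message and check its From: header."""
    msg = message_from_string(raw_message)
    return check_display_name(msg.get("From", ""))


# Constructed sample: a brand in the display name, an unrelated sending domain.
SAMPLE_MESSAGE = (
    'From: "Microsoft Office 365 Team" <no-reply@secure-login.invalid>\n'
    "To: user@corp.example\n"
    "Subject: Your mailbox is almost full\n"
    "\n"
    "Sign in to keep receiving mail.\n"
)

if __name__ == "__main__":
    for finding in scan_message(SAMPLE_MESSAGE):
        print(finding)
```

The brand check is deliberately domain-based rather than keyword-only: a message from the brand’s own domain with the brand in its display name produces no finding, so the rule does not fire on legitimate notifications.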
Phishing attacks were also observed using obfuscation methods that abuse vulnerabilities in Office 365 security layers. For example, cybercriminals can obfuscate a URL so that Office 365 security no longer recognizes it, rendering its ability to block malicious content ineffective.
Cybercriminals can also abuse rarely used file formats to evade detection, as discussed in the Trend Micro Cloud App Security Report 2018. Operators behind spam campaigns have abused old yet rarely used file types to hide malware attachments. In this technique, the structure of the file types, e.g., .IQY and SettingContent-ms, is taken advantage of to evade certain kinds of detection methods or to bypass an outdated security filter.
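Both evasion techniques above, URL obfuscation and unusual attachment types, come down to the same defensive step: canonicalize before matching. A URL is reduced to the host the browser would actually connect to, and an attachment name is reduced to its real final extension, before either is compared against policy. The following Python is an added example for this page, not Cloud App Security’s implementation; the blocked-host set, the extensions listed beyond .IQY and SettingContent-ms, and the sample message body and attachment names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# .iqy and .settingcontent-ms come from the text above; the remaining entries
# are a constructed example list, not a vendor policy.
SUSPICIOUS_EXTENSIONS = {".iqy", ".settingcontent-ms", ".slk", ".wsf", ".hta"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def canonical_host(url):
    """Return the host a browser would connect to for `url`.

    Undoes the usual host-level obfuscations before matching: a 'user@'
    prefix that hides the real host, mixed case, percent-encoded characters,
    a trailing dot, and internationalized labels (converted to punycode).
    """
    parts = urlsplit(url.strip())
    if not parts.scheme:
        parts = urlsplit("http://" + url.strip())
    host = parts.hostname or ""          # strips userinfo and port, lowercases
    host = unquote(host).rstrip(".")     # decode %XX, drop trailing dot
    try:
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        pass                             # leave an undecodable label as-is
    return host


def final_extension(filename):
    """Lowercased last extension, ignoring trailing dots and spaces."""
    name = filename.strip().lower().rstrip(". ")
    idx = name.rfind(".")
    return name[idx:] if idx != -1 else ""


def is_suspicious_attachment(filename):
    return final_extension(filename) in SUSPICIOUS_EXTENSIONS


def triage(body, attachment_names, blocked_hosts):
    """Findings for one message: blocked URL hosts and suspicious attachments."""
    findings = []
    for url in URL_RE.findall(body):
        host = canonical_host(url)
        if host in blocked_hosts:
            findings.append(("blocked_url_host", url, host))
    for name in attachment_names:
        if is_suspicious_attachment(name):
            findings.append(("suspicious_attachment", name, final_extension(name)))
    return findings


# Constructed sample input: the link's visible prefix looks like the brand,
# the real host is after the '@'; the attachment hides .iqy behind .PDF.
SAMPLE_BODY = (
    "Your mailbox is full. Verify at "
    "http://login.microsoft.com@EVIL.example/verify within 24 hours."
)
SAMPLE_ATTACHMENTS = ["Invoice.PDF.iqy", "terms.pdf"]
BLOCKED_HOSTS = {"evil.example"}          # constructed blocklist

if __name__ == "__main__":
    for finding in triage(SAMPLE_BODY, SAMPLE_ATTACHMENTS, BLOCKED_HOSTS):
        print(finding)
```

Matching on the canonical host rather than on the URL string is what closes the gap the text describes: two spellings of the same destination collapse to one value, so a blocklist entry written once applies to all of them.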
Countermeasures for defending against email threats
The Trend Micro™ Smart Protection Network™ security infrastructure detected and blocked over 41 billion email threats in 2018. Organizations can be at risk of fraud, spying, and information theft, among other attacks, when their email services are compromised by attackers who craft advanced email threats, deploy them in massive numbers, and use sophisticated methods to do so.
To protect their systems and networks, organizations can set up an advanced defense strategy by using the Trend Micro™ Cloud App Security™ solution as an additional security layer. Cloud App Security scans emails and files after they have passed through the security filters of cloud applications such as Microsoft® Office 365™ Exchange™ Online, OneDrive® for Business, and SharePoint® Online, as well as Google Drive™ and Gmail on G Suite.
Cloud App Security uses machine learning (ML) to detect suspicious content in the message body and attachments. Artificial intelligence (AI) and computer vision technology are also used to help detect and block attempts at credential phishing by checking if a legitimate login page’s branded elements, login form, and other website components are being spoofed. Meanwhile, Writing Style DNA helps detect email impersonation tactics used in business email compromise (BEC) and similar scams by using ML to recognize the DNA of a user’s writing style based on past emails.