One of the most common tools used by cybercriminals is email. Using a simple but malicious message, an attacker can deploy malware through a file attachment or a linked page. Phishing campaigns take advantage of email to convince people to share account credentials or other sensitive data, which the attackers use themselves or sell to other criminals. In a report released Wednesday, cybersecurity provider Trustwave looks at email scams prevalent in 2020 and provides advice on how to combat them.
For its “2021 Email Threat Report,” Trustwave offered some good and bad news. On the plus side, scams continued to plummet, falling by 43% last year compared with 2019. Overall spam volume in 2020 came in at just 15% of the levels seen in 2014. And though the volume of malicious file attachments in spam rose last year, the numbers were still relatively low from an historical perspective.
The infamous Emotet botnet was busy during the first half of 2020, deploying malicious Word documents in password-protected files. But in January 2021, a global team of law enforcement officials and private companies announced a successful effort to take down Emotet through legal and technical means.
Malicious file attachments
On the minus side, malicious file attachments continued to keep security professionals and users on their toes. Microsoft Office files remained the biggest type of malicious attachment last year, sporting embedded macros able to download malware. However, the preferred file type switched.
In 2020, Excel files took the top spot as the largest type of malicious Office attachment, accounting for 39% of cases, up from just 7% in 2019. At the same time, malicious Word documents dropped to 4% from 48% the previous year. Trustwave attributed the switch to tactics used by Emotet.
Phishing attacks grew last year with more campaigns impersonating such popular products as Outlook and Microsoft 365. Attackers attempted to trick users with certain requests, such as verifying an account or email address, changing a password, upgrading mailbox storage or listening to a voicemail message.
Of course, COVID-19 was another popular topic for exploitation last year. Phishing emails tried to spoof the World Health Organization, the Centers for Disease Control and Prevention, and other groups involved in the coronavirus pandemic. To tap into the anxiety and concern about the virus, these emails touted such subjects as “Covid-19 employee relief fund,” “Important Covid-19 guidelines for employees,” “WHO Coronavirus Safety and Prevention guideline,” and “Covid-19 Cure.”
Business email compromise
Another common scheme in 2020 was the business email compromise (BEC), which targets specific people or roles in a company as a way to steal money. The target is typically a mid-level executive or financial officer with the authority to send money. The attacker often pretends to be the company’s CEO or another high-level executive asking the recipient to send money to a vendor or contractor.
To help you better defend yourself and your organization against email threats, Trustwave offers the following tips:
- Set up an email security gateway. This gateway could be on-premises or in the cloud. But it should include several layers of security, such as anti-spam, anti-malware and policy-based content filtering. Specifically, such a policy should require the following rules:
  1) Quarantine or flag all executable files, including Java, scripts such as .js and .vbs, and all unusual file attachments. Keep in mind that you’ll need to create exceptions for handling legitimate inbound sources.
  2) Block or flag macros in Microsoft Office documents.
  3) Block or flag password-protected archive files and unusual archive types, such as .ace, .img, and .iso.
- Update client software. Many email attacks exploit unpatched software. Be sure to fully patch and update key products such as Microsoft 365 and Adobe Reader.
- Check for malicious or suspicious links in emails. Make sure that such links are checked either through an email gateway, a web gateway, or both.
- Implement anti-spoofing tools. Anti-spoofing technology deployed on your email gateway can detect domain misspellings and other signs of spoofing.
- Tighten procedures for approving financial payments. Phishing emails that impersonate invoices can trick employees into sending money to cybercriminals. To avoid this, have a strong process in place for approving any financial payments received by email.
- Educate your users. Make sure that all users, from the rank and file up to the C-suite, are trained to detect phishing emails. Conduct mock phishing exercises to show them the signs of a malicious email.
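
The three attachment rules from the email gateway tip above, written out as an added example (not Trustwave's code or any gateway product's): it parses a raw message with Python's standard library and reports which rule each attachment trips. The extension sets, finding labels and sample message are constructed assumptions, and legacy OLE Office files and non-ZIP archives are outside its scope.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension sets are illustrative assumptions; tune them to your own policy.
SCRIPT_OR_EXE = {".exe", ".scr", ".jar", ".js", ".vbs", ".bat"}
UNUSUAL_ARCHIVE = {".ace", ".img", ".iso"}

def ext_of(name):  # lower-cased final extension, or '' when there is none
    return "." + name.rsplit(".", 1)[1].lower() if "." in name else ""

def inspect_attachment(name, data):
    """Return policy findings for one attachment; an empty list means deliver."""
    findings = []
    if ext_of(name) in SCRIPT_OR_EXE:
        findings.append("rule1: executable or script")
    if ext_of(name) in UNUSUAL_ARCHIVE:
        findings.append("rule3: unusual archive type")
    if zipfile.is_zipfile(io.BytesIO(data)):  # plain ZIPs and OOXML Office files
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
        if any(i.flag_bits & 0x1 for i in infos):  # bit 0 = entry is encrypted
            findings.append("rule3: password-protected archive")
        names = [i.filename.lower() for i in infos]
        # OOXML documents store VBA macros in a part named vbaProject.bin.
        if any(n.endswith("vbaproject.bin") for n in names):
            findings.append("rule2: Office macro present")
        if any(ext_of(n) in SCRIPT_OR_EXE for n in names):
            findings.append("rule1: executable or script inside archive")
    return findings

def triage(raw_message):
    """Map each attachment filename in a raw message to its findings."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    return {(p.get_filename() or "(unnamed)"):
            inspect_attachment(p.get_filename() or "", p.get_payload(decode=True) or b"")
            for p in msg.iter_attachments()}

def build_sample():
    """Constructed message: a script plus a workbook carrying a macro part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/vbaProject.bin", b"constructed placeholder")
    msg = EmailMessage()
    msg.set_content("constructed body")
    for name, data in (("update.js", b"// constructed"), ("invoice.xlsm", buf.getvalue())):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `triage(build_sample())` returns one finding per sample attachment; a gateway would quarantine or flag any message whose findings are non-empty and apply its allow-list exceptions before that step.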