Human Layer Security company Tessian has analysed two million malicious emails flagged by its inbound email security solution Tessian Defender, from July 2020- July 2021, to find out how they slipped past existing defences, like secure email gateways, and the tactics cybercriminals use to carry out advanced spear phishing attacks.
Its analysis shows that malicious emails spiked in the last three months of the year, with 45% more malicious emails detected in October, November and December 2020 than in the preceding quarter.
November 2020 saw the biggest spike, with around 90,000 malicious emails detected in the week of the Black Friday sales.
Malicious emails are typically delivered around 2 p.m. and 6 p.m. in the hope that one will get past a tired or distracted employee. The most popular techniques are display name spoofing, where the attacker changes the sender’s name to someone the target recognises (used in 19% of detected threats), and domain impersonation, where the attacker sets up an email address that looks like a legitimate one (11%).
The five most impersonated brands during the period in question were Microsoft, ADP, Amazon, Adobe Sign and Zoom.
Tessian Chief Information Security Officer Josh Yavor said: “Gone are the days of bulk spam and phishing attacks, and here to stay are highly targeted spear phishing emails. Why? Because they reap the biggest rewards. The problem is that these types of attack are evolving every day. Cybercriminals are always finding ways to bypass detection and reach employees’ inboxes, leaving people as organisations’ last line of defence. It’s completely unreasonable to expect every employee to identify every sophisticated phishing attack and not to fall for them. Even with training, people will make mistakes or be tricked. Businesses need a more advanced approach to email security to stop the threats that are getting through.”