Trend Micro: Remote work drove high-risk email threats up 32% in 2020

The benefits of cloud computing are well understood — it enables businesses of all sizes to access powerful compute resources that expand and contract in accordance with their needs, while allowing them to focus more of their core business rather than maintaining infrastructure. On the flip-side, however, the cloud can also offer nefarious actors easy access to valuable and sensitive data, as evidenced by the myriad high-profile breaches.

As all the major cloud providers continue to invest in new security products for their customers, and businesses themselves expend considerable resources to bolster their cloud security, hackers are adopting more sophisticated methods to infiltrate cloud defenses. However, a new report from cybersecurity giant Trend Micro suggests that cybercriminals are still applying age-old methods to attack email, which remains one of the most reliable cloud attack vectors.

Secure access

According to Trend Micro’s fourth annual Cloud App Security Threat Report, “high-risk” email threats rose by 32% in 2020 compared to the previous year. More specifically, it reported a double-digital increase in detections spanning malware, credential theft, and phishing emails.

The data was derived form businesses that used Trend Micro’s Cloud App Security software over the past year, though the company didn’t name any names. “We do not disclose our customers, but they vary from small business all the way to very large enterprises,” Jon Clay, Trend Micro’s director of global threat communications, told VentureBeat.

Cloud App Security, which works with both Microsoft Exchange Online and Gmail, as well as other cloud-based services such as Salesforce, OneDrive, SharePoint, Teams, Google Drive, Box, and Dropbox, is deployed by businesses using APIs in a direct cloud-to-cloud integration. Last year, the company said it detected and blocked 16.7 million high-risk email threats in Microsoft and Google’s respective email offerings, up substantially from the 12.7 million it detected a year previous.

Moreover, the company said that it detected more than 755,000 email threats in a single organization that claims 10,000 Microsoft 365 users, consisting mostly of malicious URLs and phishing links with a smattering of malware files and business email compromise (BEC) attempts. What’s worth noting here, though, is that all this was AFTER Microsoft 365’s built-in security smarts had already scanned the incoming emails. And this, according to Clay, was one of the most surprising findings in its latest report.

Above: Trend Micro: Cloud App Security Threat Report 2020

It is worth noting that while cloud-based services have been integral for businesses forced to transition to remote work due to the global pandemic, it has also proved fertile feeding ground for hackers looking to exploit weak security among home-workers. And this, according to Trend Micro’s U.K. technical director Bharat Mistry, is chiefly why the email threat landscape is where it is.

“The increase is primarily down to the sheer volume of new threats we are seeing as cyber criminals look to leverage the mobile and work-from-home workforce, and enticing them in to clicking or downloading malicious content on the pre-text of providing information or access to things like registering for COVID-19 vaccine, and so on,” Mistry added.

Email won’t die

While there has been a great hullabaloo around slick modern communications tools such as Slack (soon to be a $27.7 billion Salesforce subsidiary), reports suggest that at least 80% of businesses still use email as their primary communication tool. This is particularly the case for communications with customers, businesses, and other external parties, and it’s why a slew of email-centric technology companies continue to raise sizable sums of money from investors, spanning email security, data-driven email delivery, and even signature management.

All this serves to highlight why email remains an attractive target for would-be hackers — everyone uses it. “Typical years, 90% of threats detected across our customer base are email,” Clay said. “The significant trend that is concerning is the amount of email account credential attacks we saw, as most malicious actors are primarily targeting this in their attacks. Gaining access to an employee’s email account allows them to perpetrate malicious attacks a lot easier than using spoofed accounts.”

Other notable figures to emerge from Trend Micro’s latest report include the rise of malware inside emails, which increased 16% last year to 1.2 million detections and included a significant number of Emotet and Trickbot attacks which often precede a targeted ransomware attack. Elsewhere, Trend Micro detected 6.9 million phishing emails, up 19% year-on-year, while credential phishing attained the lofty figure of 5.5 million attempts, up 14%.

Interestingly, detections of BEC, a scam that targets businesses who carry out wire transfers with suppliers abroad, fell by 18% overall. However, a separate report last year from the non-profit international consortium Anti-Phishing Working Group (APWG) noted that the average wire transfer loss from BEC attacks actually grew 48% between Q1 and Q2 2020. Trend Micro hypothesized that BEC actors might be sacrificing quantity in favor of bigger or more targeted attacks.

Trend Micro’s report comes in the same week that Microsoft revealed that a cyberespionage group linked with China had been remotely accessing email inboxes using flaws in Microsoft Exchange mail server software. Following the revelation, Trend Micro was able to release an update for its intrusion prevention system (IPS) filters, which detect known network security threats. “This can help customers now who may be targeted with those exploits,” Clay said. “We also have network scanning solutions that could detect exploits within network traffic.  As for protecting emails, our AI and machine learning technologies could detect malicious use of emails, such as spam, phishing, or spearphishing.”