Privacy & Hazards
Examine the necessity to transcend intrinsic Microsoft 365 and Google Workspace™ security based on email menaces unearthed in 2023.
Reading time: ( words)
Distant and blend work settings have emerged as the new standard. The reality that electronic mail has grown progressively integral to your business proceedings has prompted malevolent actors to prefer email as an assault route. In 2023, Trend Vision One™ – Email and Collaboration Security revealed over 45 million high-risk email threats, aside from those identified by built-in Microsoft 365 and Google Workspace security. As foes become more covert and structured, it’s more crucial than ever to enhance your organizational safeguards beyond native security.
With flexible and remote workforces persistently causing gaps in cloud security to be taken advantage of, cyber offenders are exploiting loopholes in email services’ intrinsic security. In reality, 46% of all menaces blocked by Trend Micro in 2023 were email threats.
Regrettably, built-in security for renowned email services like Microsoft 365 and Google Workspace is simply insufficient to halt malevolent emails from infiltrating organizations. Solutions such as Email and Collaboration Security have become a pivotal component of yoursecurity posture, as this protective system complements inherent security measures and serves as an additional security layer capable of identifying highly elusive and intricate threats.
Increase in Malware Incidents, Decline in Known Malware Identifications
In the year 2023, 19.1 million malware files were identified and thwarted by Trend, marking a substantial 349% surge from the previous year. The documented instances of recognized malware transpired to be around 16 million, indicating an overwhelming 3,079% rise. Nonetheless, it is critical to note that the tally of unidentified malware files witnessed a reduction to 3 million, showcasing an 18% decline.
An initiative undertaken by Microsoft during mid-2022 continues to contribute to the decrease in detections. In this period, Microsoft implemented measures to prohibit the execution of macro scripts within Microsoft 365 documents, especially those sourced from the web or delivered as email attachments. For the past eight years, the predominant mode of initial intrusion has been through malicious macro scripts embedded in Microsoft 365 documents, typically disseminated to targets via email.
Proliferation of Phishing Attacks
According to a report by Egress, 94% of organizations succumbed to phishing assaults in 2023. This constituted a 40% surge in phishing incidents from the preceding year, where a total of over 14 million attacks were detected and blocked.
A 45% decline in phishing attacks identified through spam counts was noted in 2023, with nearly 8 million total discoveries.
It’s noteworthy that Email and Collaboration Security scanning encompasses phishing URLs within attachments as potential malware, explaining the dip in phishing detections. Cybercriminals are now favoring the inclusion of phishing links within email attachments rather than directly in the email body for camouflage.
Instances of phishing assaults aimed at illicit data acquisition, also referred to as credential phishing, observed a 17% climb in 2023, with close to 7 million assessments. While known credential phishing elucidations saw marginal growth at 5%, the unrecognized credential phishing interpretations experienced a substantial 29% surge.
However, the unveiling of 870,555 deceptive credential phishing links through Computer Vision technology – an amalgamation of image analysis and machine learning mechanisms – marked a noteworthy 263% escalation in comparison to 2022.
BEC: A Pervasive Attack Avenue
Research by Trend indicated that instances of business email compromise (BEC) rose to 446,234 in 2023, registering a 16% uptick. The detection of BEC attacks via Trend Micro™ Writing Style DNA amounted to 166,034, while 280,191 were identified through the anti-spam engine, representing a 13% increase.
Cyber offenders continued refining their approaches to exploit new work configurations. Trend’s examination revealed that BEC perpetrators predominantly masqueraded as top-level executives or managerial figures by impersonating ordinary employees. The advent of sophisticated chat AI utilities is anticipated to render cybercriminals more proficient in these deceptive endeavors.
Future Considerations
In the context of the evolving landscape of remote and hybrid work environments, comprehensive visibility throughout the organization is indispensable. Consistently identifying, evaluating, and mitigating risks across your digital infrastructure is crucial to fortifying user defenses and safeguarding business reputation.
To achieve comprehensive visibility, cybersecurity leaders should leverage a Software as a Service (SaaS) solution that supplements the intrinsic security features of email platforms like Microsoft 365 and Google Workspace.
Cloud App Security, a SaaS-based offering, boasts user-friendly setup, incorporates sophisticated Machine Learning techniques, and aligns with our Trend Vision One™ framework. This unified cloud-native security operations hub offers pivotal functionalities such as advanced Extended Detection and Response (XDR), proactive management of attack surfaces, and robust zero-trust capabilities – enabling you to outpace potential threats and uphold business continuity.
Delve deeper into the statistics and insights concerning email-related threats in 2022, along with mitigation strategies, by referencing our in-depth email threat landscape report: Recognizing Cybercriminal Tactics and Techniques Imperative for Organizations.
Tags
sXpIBdPeKzI9PC2p0SWMpUSM2NSxWzPyXTMLlbXmYa0R20xk
About Author
