Businesses experienced 50% more cyberattacks per week in 2021 compared to 2020, and the average total cost of a data breach increased from $3.86 million to $4.24 million in 2021. Typically, when cyberattacks increase, most people turn to the generation of new technology and increased dependence on computers and cloud usage as a source of the problem. While it's true that highly publicized cyberattacks like the SolarWinds attack, REvil's $70 million attacks on Kasea, and Microsoft's print nightmare utilized advanced tactics like third-party attacks, zero-day vulnerabilities, and IoT devices, the number one target for cyberattacks is a platform that's existed for a while.
Despite the fact that it's been a primary way for businesses to communicate for decades, email attacks are the number one way threat actors access a network. According to reports, 91% of all cyberattacks begin with an email. While the number might be staggering, the data isn't new. Email presents a major security threat, and most businesses fail to do anything about it. In 2021, 96% of organizations were targeted by an email-related phishing attempt, 75% of organizations have been attacked by ransomware, and 64% of companies paid the ransom.
So, why after all these years of using email, does it remain the main factor in cyberattacks? Unfortunately, there are a number of reasons. By design, email is expected to be easily accessible and convenient. Hackers are aware of the vulnerabilities and the wide usage of email platforms, making it an easy target. Adding to the complexity of the situation, email attacks are growing in sophistication, making them much more effective across all businesses. This is why it's essential for businesses to learn about email threats, how they work, and which ones are most likely to derail businesses in 2023.
Most individuals are aware of the existence of phishing, and that it can lead to cyberattacks, but many employees don't have a real concept of what phishing looks like or the many different ways it can be used. Phishing is an attack that uses a deceptive email as a weapon to solicit information or gain access to a network. Attackers pose as a trusted entity to gain the trust of email users, so they will provide sensitive information or follow instructions that will put the business network at risk. Today's phishing attacks are incredibly sophisticated, making it hard to distinguish the difference between them and real company emails.
Phishing attacks may use malicious web links, malicious attachments, or fraudulent data entry forms to achieve their goals. They typically masquerade as a company or individual you already interact with and contain a subject line that implies urgency. Phishing emails to watch out for in 2023 may include:
Attackers create emails that look almost identical to those that come from brands you already interact with. These emails often suggest that you need to take action in relation to a current account. Subject lines might include urgent requests like Password Reset Required, Update Payment Information, or links that say you need to log in to your account.
Tracking or Delivery Emails
Postage-themed phishing emails usually pose as well-known postage services with information about a package for you. Most people will view these emails even when they aren't expecting a package. Keywords in these emails usually include failed delivery attempts, pending customs fees, tracking link updates.
Emails Reflecting Urgency or Promising Reward
Emails that appear to be sent from within the company may promise a bonus or reveal information about a data breach. These emails are usually opened due to a sense of urgency and include keywords that request immediate action. Subject lines may include terms like save your account, grab your bonus, immediate action required, and data will be lost.
These emails typically target finance employees and exploit their sense of responsibility. They often include malicious links, attachments, or PDF files.
BEC and Impersonation Attacks
Business email compromise (BEC) is an attack in which an attacker obtains access to a business email account and imitates the owner's identity in order to defraud the company, its employees, customers, or partners. The most common type of BEC attack involves an attacker gaining access to a business network through a phishing email. The attacker moves discreetly through the system to study the correspondence between employees and executive leaders. The attack is completed when the threat actor sends a false email to an employee in the finance department to request an immediate wire transfer. BEC attacks typically utilize methods of spear-phishing, malware, and spoofing email accounts.
BEC attacks are difficult to recognize because attackers take pains to duplicate company emails and imitate typical inner-office communications. The major types of BEC attacks include:
- CEO Fraud: Attackers pose as company leaders to request money transfers to an account they control.
- False Invoice Scheme: Attackers pretend to be suppliers (often international suppliers) requesting payment for services rendered. The email will utilize a false invoice for proof and request payment to a hacker-controlled account.
- Account Compromise: An executive or specific email is hacked and used to request invoice payments from vendors. While a false invoice scheme depends on trickery and spoofed email, account compromise utilizes email contacts to target multiple victims.
- Data Theft: An attacker impersonates upper-level executives to target HR and bookkeeping employees with requests that allow them to obtain personal or sensitive information about employees.
- Attorney Impersonation: The attacker impersonates a lawyer or other representative from a law firm seeking payment for matters surrounding a case the company is supposedly involved in. Attackers generally insist that the issue is time-sensitive and confidential.
Ransomware is a type of malware that threatens to publish or block access to data or a computer network (usually by encryption) until the victim pays a ransom fee to the attacker. The ransom usually comes with a deadline and isn't always rewarded with the restoration of data or access. The two most common tools in ransomware are encryptors and screen lockers. When a ransomware attack occurs, victims are usually notified by a lock screen to purchase cryptocurrency to pay the ransom fee. Upon payment of the ransom, victims receive the decryption key to retrieve files. Ransomware is often spread through email with the use of a malicious attachment, link, or PDF.
Businesses that fall victim to ransomware can lose thousands of dollars in productivity and data loss. Ransomware attacks were up 61% in 2021 as compared to 2020, and 64% of companies paid the ransom but 4 out of 10 failed to recover the data. The most common types of ransomware include:
Crypto Ransomware or Encryptors
One of the most well-known and damaging variants, this type of ransomware encrypts the files and data within a system, making the content inaccessible.
This is fake software that claims to have detected a virus or other issue on your computer and directs you to pay to resolve the problem. Some types of scareware lock the system.
This software completely locks users out of the system, making files and applications inaccessible. A lock screen displays the ransom demand and might include a countdown clock.
Doxware or Leakware
This attack uses a threat to distribute sensitive company information online to extort a ransom. Some variations claim to be law enforcement and suggest payment of a fine can be used to avoid jail time.
Ransomware as a Service (RaaS)
Ransomware attacks have been multiplied by being made available as a service on underground forums. RaaS software enables non-technical people to create and manage malware attacks without the tech knowledge or skills. This attack technically has 2 types of threat actors: the RaaS operator who provides ransomware, and the attackers who use and spread the malware. RaaS can be purchased on a monthly subscription, commission-based programs, or a one-time purchase. RaaS is on the rise, most likely due to its potential use for anyone with malicious intentions.
Social Engineering Attacks
Social engineering encompasses a wide range of cyberattacks that exploit human behavior. These attacks use psychological manipulation to trick users into making security mistakes or exposing sensitive information. Phishing and BEC attacks can both be examples of social engineering when the attacker uses methods to deceive victims through fraud. Social engineering relies strictly on human error as permission to access a network. While many of the other cyberattacks mentioned utilize social engineering, it's an important tactic to watch for in email attacks in the coming year. Social engineering may include these methods:
- Baiting: These emails use a false promise to rely on a customer's greed or curiosity. Emails with subject lines that promise a reward or promotion are an example of baiting.
- Scareware: False alarms and fictitious threats are used to frighten victims into taking immediate action. When your office email account suggests your device has a virus, it's hard to ignore the message.
- Pretexting: These attackers establish trust with their victims by impersonating co-workers, executives, or even police and attorneys. By pretending they are in a position of authority, these threat actors simply ask questions that are required for identity verification.
- Deepfakes: Cyberattacks using deepfakes are particularly concerning because of the growth in attack numbers and sophistication. Deepfake uses AI technology to create fake videos, images, or audio recordings of real people. Deepfakes can be inserted into or attached to emails, they can also be used alongside BEC email attacks in the form of a phone call for verification of an email request. Deepfake technology is especially concerning because sophisticated cyberattacks can be effective in zero-trust environments.
Similar to phishing scams that utilize malicious attachments, PDF scams have the single goal of getting victims to open an attached PDF. These email attacks are a particularly effective form of business attack because they mimic common document sharing behavior. Threat actors know that employees may be wary of emails asking them to click on a link. The use of a PDF breaks that association since PDFs are commonly linked to business practices.
PDF scams usually involve an email that states a security policy has been updated, or important account information is included. When you click on the attached PDF, it exposes your device to ransomware or malware. PDF scams are a particular concern in 2023 because office workers associate PDFs with work and are less likely to consider them as a threat than links and other attachments.
In businesses, the most common form of PDF attack is a file-sharing attack. This scam simply informs the user that someone has shared a document with them. The email might require the user to click on an embedded link or contain a malicious PDF. Other PDF scams may target businesses or personal devices. These include:
- Fake CAPTCHA
- Coupon phishing
- Static Image with a play button
- E-commerce/brand impersonation
Man in the Middle Attacks
These attacks are designed to take control of a line of communication to gather sensitive information or take control of the stream of communication for profit. Man-in-the-middle attacks begin when an attacker hijacks an email account. When a contact sends an email to the victim, the attacker intercepts the message and determines what to do with the information. The attacker may modify, steal, or use the information.
These attacks are particularly dangerous for businesses because attackers can coerce actions from employees or customers who think they are communicating with a company executive.
How You Can Protect Your Organization Against Email Attacks
The effects of a single phishing email can be devastating to a business. Today's phishing emails are incredibly sophisticated (often including company logos or a legitimate email address), making it crucial that employees are prepared to be vigilant at all times. To protect your business against falling victim to a ransomware attack, data breach, or other cyberattacks that begins with phishing or BEC emails, preventive measures are essential. Your biggest lines of defense against email attacks are employee behavior and your cybersecurity solution.
Educate Employees About Phishing and BEC Red Flags
A phishing email is designed to look like the real thing. Preparing your employees to receive these emails can save your organization millions of dollars. While phishing emails might include legitimate company logos or official credentials, there are red flags that can be helpful in identifying a malicious email.
- Urgent Requests: Threats or urgent deadlines create a sense of urgency and are used often in phishing.
- Discreet Misspellings: An email address that looks almost right can be easy to ignore. A common trick is to use an "r" and "n" in place of an "m".
- Poor Grammar: Minor grammar mistakes that can easily be overlooked as typos could be an indicator of imperfect English.
- Different Reply Address: Threat actors may have the ability to change "To" and "From" fields in emails to make them look legitimate. When this is the case, the "Reply" email address will often be different from the one displayed in the "From" field.
- Common Themes: Phishing attacks are often sent as mass mailings. Frequently update information about current phishing scams, so employees can be on the lookout.
Keep Cybersecurity Software and Methods Up-to-Date
Beyond the behavior of your employees, your cybersecurity tools and practices are a vital line of defense against the attacks embedded in phishing emails. Security as a Service (SaaS) solutions like managed detection and response (MDR) are designed to protect your network against attacks like ransomware, malware, and data breaches that threat actors deploy in phishing emails.
There is no doubt that cyberthreats will always be a threat to business networks. However, a comprehensive security solution can help you address existing and new threats with evolving tools, software, and security tactics. In today's sophisticated threat landscape, cybersecurity must continually evolve to keep up with new threats that can bankrupt businesses and derail critical infrastructure. Professional security tools are the best way to interrupt and eliminate these threats.
Learn Email Authentication Protocols Designed to Protect Against Cyberattacks
Certain email authentication protocols have existed for years, but most individuals and businesses fail to use them effectively because the implementation can be tricky. Ask your security provider about these email protection capabilities and how your company can successfully adopt them.
- Sender Policy Framework (SPF): allows senders to define which IP addresses are allowed to send mail for a particular domain.
- DomainKeys Identified Mail (DKIM): provides an encryption key and digital signature that verifies an email was not faked or altered.
- Domain-based Message Authentication, Reporting, and Conformance (DMARC) unifies the SPF and DKIM authentication mechanisms in a common framework and allows domain owners to determine how email is handled.
Adopt Firm Security Policies
- Adopt a zero-trust atmosphere. Over 80% of people's emails are exposed on the dark web. This makes it easy for threat actors to hijack the email accounts of business executives. If an email looks suspicious (even if it's from someone you'd normally trust), get confirmation before taking action.
- Use multi-factor authentication. A single password is no longer enough to protect your accounts. Multi-factor authentication simply requires you (or a potential hacker) to provide two forms of identification to access sensitive information.
- Never divulge personal information. Legitimate organizations never ask for sensitive information via email. If an email requests sensitive information, always contact the sender to verify the request.
- Adopt strong password policies. More than 23 million people use the password 123456, and 67% of people use the same password across multiple accounts. These practices make your accounts easily accessible. Create strong rules surrounding passwords for all business devices and enforce those rules frequently.
- Never share passwords digitally. A hacked account is a threat actor's number one tool for gaining access to critical information. If you have a shared account, always give the password verbally instead of through electronic communication.
Consider How Business Changes Lead to New Vulnerabilities
Threat actors are technological experts who are always looking toward the future. Disruptions that change the way organizations operate are good news for hackers. When you consider the threats your business may face in 2023, it's important to consider the way your employee operations have changed, and how you can maintain effective security in your changing business landscape. These vulnerabilities may be new to your company in 2023.
Employees working from home on business devices introduce security vulnerabilities in other ways like insecure home Wi-Fi networks, sharing devices (and passwords) with family members, and using business devices for personal use. In fact, 56% of people who have access to an employer-issued device (laptop, smartphone, tablet, etc.) allowed friends and family to use those devices to do things like play games, stream media, and shop online. It's crucial that remote employees use the same cybersecurity practices at home as in the office.
71% of hiring managers plan to sustain or increase their use of freelancers within the next 6 months. Since these external parties often have access to critical systems, they present a vulnerability that hackers can exploit.
Personal Devices in the Office
Mobile devices can increase convenience and productivity, but personal devices can create security gaps. BYOD opportunities with lax security measures open a threat to employees inappropriately or accidentally sharing company data from the devices they bring to work. In offices where BYOD policies exist, a security plan should be put in place to protect these devices.
Inadequate Post-Hack Procedures
Taking action when a breach occurs isn't enough. It's important to locate and patch vulnerabilities immediately after an attack to prevent other threat actors from taking advantage of the exposed vulnerability. As-a-service ransomware and phishing kits are poised to take advantage of lax post hack procedures in 2023.
Exposure of Private Data
On average, 80% of consumers have had their emails leaked on the dark web, and 70% have had their phone numbers compromised. These leaks give hackers the opportunity to gain access to multiple accounts. Employees who reuse passwords or use passwords associated with publicly available (like on social media) information risk having multiple accounts attacked.
Email is the leading attack vector for cybercriminals today. With the growth of as-a-service phishing kits and malware, email attacks are likely to keep increasing. It's essential to learn about the vulnerabilities that email can present and the ways you can protect your network against cyberattacks with a complete cybersecurity solution. Contact BitLyft for comprehensive 24/7/365 coverage from all cyber threats.