Businesses experienced 50% more cyberattacks per week in 2021 compared to 2020, and the average total cost of a data breach increased from $3.86 million to $4.24 million in 2021. Typically, when cyberattacks increase, most people blame new technology and the growing dependence on computers and cloud services. While it's true that highly publicized cyberattacks like the SolarWinds attack, REvil's $70 million attack on Kaseya, and Microsoft's PrintNightmare vulnerability utilized advanced tactics like third-party (supply-chain) attacks, zero-day vulnerabilities, and IoT devices, the number one attack vector is a platform that has been around for decades.
Although email has been a primary way for businesses to communicate for decades, email attacks remain the number one way threat actors gain access to a network. According to reports, 91% of all cyberattacks begin with an email. While the number might be staggering, the data isn't new. Email presents a major security threat, and most businesses fail to do anything about it. In 2021, 96% of organizations were targeted by an email-related phishing attempt, 75% of organizations were attacked by ransomware, and 64% of companies paid the ransom.
So why, after all these years of using email, does it remain the main vector for cyberattacks? Unfortunately, there are a number of reasons. By design, email is expected to be easily accessible and convenient. Attackers are aware of the vulnerabilities and the wide usage of email platforms, making it an easy target. Adding to the complexity of the situation, email attacks are growing in sophistication, making them much more effective against businesses of every size. This is why it's essential for businesses to learn about email threats, how they work, and which ones are most likely to derail businesses in 2023.
Most individuals are aware that phishing exists and that it can lead to cyberattacks, but many employees don't have a real concept of what phishing looks like or the many different ways it can be used. Phishing is an attack that uses a deceptive email as a weapon to solicit information or gain access to a network. Attackers pose as a trusted entity to gain the trust of email users, so that the users provide sensitive information or follow instructions that put the business network at risk. Today's phishing attacks are incredibly sophisticated, making them hard to distinguish from legitimate company emails.
Phishing attacks may use malicious web links, malicious attachments, or fraudulent data entry forms to achieve their goals. They typically masquerade as a company or individual you already interact with and contain a subject line that implies urgency. Phishing emails to watch out for in 2023 may include:
Attackers create emails that look almost identical to those that come from brands you already interact with. These emails often suggest that you need to take action in relation to a current account. Subject lines might include urgent requests like Password Reset Required, Update Payment Information, or links that say you need to log in to your account.
Postage-themed phishing emails usually pose as well-known postage services with information about a package for you. Most people will view these emails even when they aren't expecting a package. Keywords in these emails usually include failed delivery attempts, pending customs fees, and tracking link updates.
Emails that appear to be sent from within the company may promise a bonus or reveal information about a data breach. These emails are usually opened due to a sense of urgency and include keywords that request immediate action. Subject lines may include terms like save your account, grab your bonus, immediate action required, and data will be lost.
These emails typically target finance employees and exploit their sense of responsibility. They often include malicious links, attachments, or PDF files.
Business email compromise (BEC) is an attack in which an attacker obtains access to a business email account and imitates the owner's identity in order to defraud the company, its employees, customers, or partners. The most common type of BEC attack involves an attacker gaining access to a business network through a phishing email. The attacker moves discreetly through the system to study the correspondence between employees and executive leaders. The attack is completed when the threat actor sends a false email to an employee in the finance department to request an immediate wire transfer. BEC attacks typically utilize methods of spear-phishing, malware, and spoofing email accounts.
BEC attacks are difficult to recognize because attackers take pains to duplicate company emails and imitate typical inner-office communications. The major types of BEC attacks include:
Ransomware is a type of malware that threatens to publish data or blocks access to data or a computer network (usually by encryption) until the victim pays a ransom fee to the attacker. The ransom usually comes with a deadline, and paying it doesn't always result in the restoration of data or access. The two most common tools in ransomware are encryptors and screen lockers. When a ransomware attack occurs, victims are usually notified by a lock screen to purchase cryptocurrency to pay the ransom fee. Upon payment of the ransom, victims are supposed to receive the decryption key to retrieve their files. Ransomware is often spread through email with the use of a malicious attachment, link, or PDF.
Businesses that fall victim to ransomware can lose thousands of dollars in productivity and data loss. Ransomware attacks were up 61% in 2021 as compared to 2020, and 64% of companies paid the ransom but 4 out of 10 failed to recover the data. The most common types of ransomware include:
One of the most well-known and damaging variants, this type of ransomware encrypts the files and data within a system, making the content inaccessible.
This is fake software that claims to have detected a virus or other issue on your computer and directs you to pay to resolve the problem. Some types of scareware lock the system.
This software completely locks users out of the system, making files and applications inaccessible. A lock screen displays the ransom demand and might include a countdown clock.
This attack uses a threat to distribute sensitive company information online to extort a ransom. Some variations claim to be law enforcement and suggest payment of a fine can be used to avoid jail time.
Ransomware attacks have multiplied because ransomware is now made available as a service on underground forums. Ransomware-as-a-Service (RaaS) enables non-technical people to create and manage malware attacks without the technical knowledge or skills that would otherwise be required. This attack technically has two types of threat actors: the RaaS operator who provides the ransomware, and the affiliates who use and spread the malware. RaaS can be purchased on a monthly subscription, through commission-based programs, or as a one-time purchase. RaaS is on the rise, most likely because it can be used by anyone with malicious intentions.
Social engineering encompasses a wide range of cyberattacks that exploit human behavior. These attacks use psychological manipulation to trick users into making security mistakes or exposing sensitive information. Phishing and BEC attacks can both be examples of social engineering when the attacker deceives victims through fraud. Social engineering relies on human error, rather than a technical flaw, to gain access to a network. While many of the other cyberattacks mentioned utilize social engineering, it's an important tactic to watch for in email attacks in the coming year. Social engineering may include these methods:
Similar to phishing scams that utilize malicious attachments, PDF scams have the single goal of getting victims to open an attached PDF. These email attacks are a particularly effective form of business attack because they mimic common document sharing behavior. Threat actors know that employees may be wary of emails asking them to click on a link. The use of a PDF breaks that association since PDFs are commonly linked to business practices.
PDF scams usually involve an email that states a security policy has been updated, or that important account information is included. Opening the attached PDF exposes your device to ransomware or other malware. PDF scams are a particular concern in 2023 because office workers associate PDFs with work and are less likely to consider them a threat than links and other attachments.
In businesses, the most common form of PDF attack is a file-sharing attack. This scam simply informs the user that someone has shared a document with them. The email might require the user to click on an embedded link or contain a malicious PDF. Other PDF scams may target businesses or personal devices. These include:
These attacks are designed to take control of a line of communication to gather sensitive information or take control of the stream of communication for profit. Man-in-the-middle attacks begin when an attacker hijacks an email account. When a contact sends an email to the victim, the attacker intercepts the message and determines what to do with the information. The attacker may modify, steal, or use the information.
These attacks are particularly dangerous for businesses because attackers can coerce actions from employees or customers who think they are communicating with a company executive.
The effects of a single phishing email can be devastating to a business. Today's phishing emails are incredibly sophisticated (often including company logos or a legitimate-looking email address), making it crucial that employees are prepared to be vigilant at all times. To protect your business from a ransomware attack, data breach, or other cyberattack that begins with a phishing or BEC email, preventive measures are essential. Your biggest lines of defense against email attacks are employee behavior and your cybersecurity solution.
A phishing email is designed to look like the real thing. Preparing your employees to receive these emails can save your organization millions of dollars. While phishing emails might include legitimate company logos or official credentials, there are red flags that can be helpful in identifying a malicious email.
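The red flags described above can be checked mechanically before a message ever reaches an inbox. The following is an added example written for this page, not code from the original article or from BitLyft: it scans a raw email for the indicators the sections above describe (a Reply-To that differs from the sender, a display name that claims a known brand while the sending domain does not match, urgency phrases in the subject, and links whose visible text points at a different host than the real target). The two sample messages, the brand list and all domains are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed lookalike "account alert" of the kind described above.
SAMPLE_EMAIL = """From: "Acme Payments Support" <billing@acme-payments-secure.example>
To: finance@example-corp.example
Reply-To: collections@mail-relay.example
Subject: Immediate action required: update payment information
Content-Type: text/html

<p>Your account will be suspended.</p>
<p><a href="http://198.51.100.23/login">https://acme-payments.example/login</a></p>
"""

# Constructed legitimate message from the same (hypothetical) vendor.
BENIGN_EMAIL = """From: "Acme Payments" <billing@acme-payments.example>
To: finance@example-corp.example
Subject: Your March invoice is ready
Content-Type: text/html

<p>Invoice 1042 is available in the portal.</p>
<p><a href="https://acme-payments.example/invoices/1042">View invoice</a></p>
"""

# Brands your organisation deals with and the domain they really send from (constructed).
KNOWN_BRANDS = {"acme payments": "acme-payments.example"}

# Subject-line phrases the article lists as typical of phishing lures.
URGENCY_PHRASES = (
    "password reset required", "update payment information", "immediate action required",
    "save your account", "grab your bonus", "data will be lost",
    "failed delivery", "pending customs fees",
)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from the HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def scan_email(raw, known_brands=KNOWN_BRANDS):
    """Return a list of (code, detail) findings; an empty list means no red flag fired."""
    msg = message_from_string(raw)
    findings = []

    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply_addr.rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        findings.append(("REPLY_TO_MISMATCH", f"replies go to {reply_domain}, not {from_domain}"))

    # A display name that names a brand while the sending domain is not that brand's domain.
    for brand, real_domain in known_brands.items():
        if brand in display.lower() and from_domain != real_domain:
            findings.append(("BRAND_LOOKALIKE", f"'{display}' sent from {from_domain}, expected {real_domain}"))

    subject = msg.get("Subject", "").lower()
    for phrase in URGENCY_PHRASES:
        if phrase in subject:
            findings.append(("URGENCY_SUBJECT", phrase))

    # Walk all parts so multipart messages are covered too; only HTML bodies carry links.
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            collector.feed(payload.decode(part.get_content_charset() or "utf-8", "replace"))

    for href, text in collector.links:
        href_host = (urlparse(href).hostname or "").lower()
        if re.match(r"^(https?://|www\.)", text, re.I):
            shown_host = (urlparse(text if "://" in text else "http://" + text).hostname or "").lower()
            if shown_host and shown_host != href_host:
                findings.append(("LINK_TEXT_MISMATCH", f"shows {shown_host}, goes to {href_host}"))
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", href_host):
            findings.append(("LINK_BARE_IP", href_host))
    return findings


if __name__ == "__main__":
    for code, detail in scan_email(SAMPLE_EMAIL):
        print(f"{code}: {detail}")
```

Each finding is a hint for a human reviewer or a mail gateway rule, not a verdict; the benign invoice produces no findings, while the lookalike trips every check. Known-brand and urgency lists are the knobs to tune for your own vendors and the lures your users actually receive.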
Beyond the behavior of your employees, your cybersecurity tools and practices are a vital line of defense against the attacks embedded in phishing emails. Security as a Service (SaaS) solutions like managed detection and response (MDR) are designed to protect your network against attacks like ransomware, malware, and data breaches that threat actors deploy in phishing emails.
There is no doubt that cyberthreats will always face business networks. However, a comprehensive security solution can help you address existing and new threats with evolving tools, software, and security tactics. In today's sophisticated threat landscape, cybersecurity must continually evolve to keep up with new threats that can bankrupt businesses and derail critical infrastructure. Professional security tools are the best way to interrupt and eliminate these threats.
Certain email authentication protocols have existed for years, but most individuals and businesses fail to use them effectively because the implementation can be tricky. Ask your security provider about these email protection capabilities and how your company can successfully adopt them.
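The article does not name the protocols; this added example (not code from the original article or from BitLyft) assumes they are the usual trio, SPF, DKIM and DMARC, and shows the part that is "tricky" in practice: a DMARC record with `p=none` is published but enforces nothing, while `p=reject` with aligned identifiers makes a receiver drop mail that spoofs your domain. The DMARC records, domains and authentication results below are constructed, and the "relaxed" alignment check is a deliberate simplification (real DMARC compares organizational domains derived from the public suffix list).

```python
# Constructed DMARC TXT records as they would be published at _dmarc.<your-domain>.
WEAK_RECORD = "v=DMARC1; p=none; pct=100"
STRONG_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example-corp.example; adkim=s; aspf=s"

DISPOSITIONS = {"none": "deliver (monitor only)", "quarantine": "quarantine", "reject": "reject"}


def parse_dmarc(record):
    """Split a 'tag=value; tag=value' DMARC record into a dict and validate the required tags."""
    tags = {}
    for field in record.split(";"):
        if "=" in field:
            key, value = field.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags


def audit_dmarc(record):
    """Return the weaknesses in a published record that leave the domain spoofable."""
    tags = parse_dmarc(record)
    findings = []
    if tags["p"].lower() == "none":
        findings.append("p=none: receivers still deliver spoofed mail; move to quarantine, then reject")
    if int(tags.get("pct", "100")) < 100:
        findings.append("pct<100: the policy is only applied to a sample of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports, so abuse of the domain goes unseen")
    return findings


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict requires an exact match; relaxed (simplified here)
    accepts a parent/child relationship between the two domains."""
    auth_domain, from_domain = auth_domain.lower(), from_domain.lower()
    if mode == "s":
        return auth_domain == from_domain
    return (auth_domain == from_domain
            or auth_domain.endswith("." + from_domain)
            or from_domain.endswith("." + auth_domain))


def dmarc_disposition(record, from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Decide what a receiver does with a message given the sender's published policy.

    from_domain: domain in the visible From: header (what the user sees)
    spf_domain:  envelope MAIL FROM domain that SPF was evaluated for
    dkim_domain: d= value of the DKIM signature that was verified
    """
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return DISPOSITIONS[tags["p"].lower()]


if __name__ == "__main__":
    # A spoofed message: attacker-controlled infrastructure passes SPF for *its own* envelope
    # domain, but nothing aligns with the forged From: domain.
    for record in (WEAK_RECORD, STRONG_RECORD):
        print(record, "->", dmarc_disposition(record, "example-corp.example",
                                              "pass", "attacker-infra.example", "none", ""))
```

With the weak record the spoofed message is delivered and at best reported; with the strong record it is rejected. A subdomain such as `bounce.example-corp.example` in the envelope passes relaxed alignment but fails strict alignment, which is why moving to `aspf=s`/`adkim=s` needs an inventory of every system that legitimately sends as your domain first.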
Threat actors are technological experts who are always looking toward the future. Disruptions that change the way organizations operate are good news for hackers. When you consider the threats your business may face in 2023, it's important to consider the way your employee operations have changed, and how you can maintain effective security in your changing business landscape. These vulnerabilities may be new to your company in 2023.
Employees working from home on business devices introduce security vulnerabilities in other ways like insecure home Wi-Fi networks, sharing devices (and passwords) with family members, and using business devices for personal use. In fact, 56% of people who have access to an employer-issued device (laptop, smartphone, tablet, etc.) allowed friends and family to use those devices to do things like play games, stream media, and shop online. It's crucial that remote employees use the same cybersecurity practices at home as in the office.
71% of hiring managers plan to sustain or increase their use of freelancers within the next 6 months. Since these external parties often have access to critical systems, they present a vulnerability that hackers can exploit.
Mobile devices can increase convenience and productivity, but personal devices can create security gaps. BYOD opportunities with lax security measures open a threat to employees inappropriately or accidentally sharing company data from the devices they bring to work. In offices where BYOD policies exist, a security plan should be put in place to protect these devices.
Taking action when a breach occurs isn't enough. It's important to locate and patch vulnerabilities immediately after an attack to prevent other threat actors from taking advantage of the exposed vulnerability. As-a-service ransomware and phishing kits are poised to take advantage of lax post-hack procedures in 2023.
On average, 80% of consumers have had their emails leaked on the dark web, and 70% have had their phone numbers compromised. These leaks give hackers the opportunity to gain access to multiple accounts. Employees who reuse passwords or use passwords associated with publicly available (like on social media) information risk having multiple accounts attacked.
Email is the leading attack vector for cybercriminals today. With the growth of as-a-service phishing kits and malware, email attacks are likely to keep increasing. It's essential to learn about the vulnerabilities that email can present and the ways you can protect your network against cyberattacks with a complete cybersecurity solution. Contact BitLyft for comprehensive 24/7/365 coverage from all cyber threats.