Two million malicious emails bypassed traditional email defences, like secure email gateways, between July 2020-July 2021, according to new data from Human Layer Security company Tessian. These emails were detected by inbound email security tool Tessian Defender and, in a first-of-its-kind report, Tessian analysed them to reveal how these attacks slipped past existing controls and the tactics cybercriminals use to carry out advanced spear-phishing attacks.
The report revealed that organisations received the most malicious emails in the last three months of the year, with Tessian detecting 45% more malicious emails in October, November and December 2020 versus the quarter before. November 2020 saw the biggest spike, with around 90,000 malicious emails detected in the week of the Black Friday sales.
Overall, employees received an average of 14 malicious emails per year. However, this number rose dramatically in the retail sector, with employees in this industry receiving the most malicious attacks at 49 on average. Manufacturing employees received the second most at 31, employees in the food and drink industry received 22, research and development employees received 16 and tech employees received 14.
Interestingly, Tessian researchers found that malicious emails are typically delivered around 2pm and 6pm in the hopes that a phishing email will slip through the cracks of a tired or distracted employee. In a previous Tessian report, 45% of employees admitted they had clicked on a phishing email because they were distracted.
When looking at the techniques used to target employees, impersonation tactics like display name spoofing, whereby the attacker changes the sender’s name to someone the target recognises, were used in 19% of malicious emails while domain impersonation, whereby the attacker sets up an email address that looks like a legitimate one, was used in 11% of threats detected by Tessian. 2% were account takeover attacks.
The top five brands most likely to be impersonated in the malicious emails detected between July 2020 and July 2021 were Microsoft, ADP, Amazon, Adobe Sign and Zoom – the latter likely spurred on by the shift to remote working.
Josh Yavor, Chief Information Security Officer, Tessian commented, “Gone are the days of the bulk spam and phishing attacks, and here to stay is the highly targeted spear-phishing email. Why? Because they reap the biggest rewards.
“The problem is that these types of attacks are evolving every day. Cybercriminals are always finding ways to bypass detection and reach employees’ inboxes, leaving people as organisations’ last line of defence. It’s completely unreasonable to expect every employee to identify every sophisticated phishing attack and not fall for them. Even with training, people will make mistakes or be tricked. Businesses need a more advanced approach to email security to stop the threats that are getting through – the attacks that are causing the most damage – because it’s not enough to rely on your people 100% of the time.”