Of these, security firm Trend Micro detected 35% more credential phishing attempts than in 2018, with the number of unknown phishing links in the attacks jumping from just 9% of the total to more than 44% in 2019 - with the company suggesting this may demonstrate that scammers are registering new sites to avoid detection.
According to Trend Micro, the email attacks involved its customers leveraging cloud-based email services from Microsoft and Google - with the second layer of defence catching threats beyond those detected by the cloud email services’ built-in security.
“Organisations are leveraging the power of SaaS-based applications in greater numbers to drive productivity, cost savings and growth. However, in doing so they may be opening themselves up to risk if they only rely on built-in security,” said Mick McCluney, Technical Director at Trend Micro ANZ.
“As our report shows, built-in security is not enough on its own to stop today’s cybercriminals. Businesses must take ownership of cloud protection and find a multi-layered third-party solution to enhance their platform’s native security functionality.”
The report also shows that criminals are getting better at tricking the first layer of defence against Business Email Compromise (BEC) attacks, which typically looks at attacker behaviours and intention analysis of the email content.
The percentage of BEC attacks caught by AI-powered authorship analysis increased from 7% in 2018 to 21% in 2019, reports Trend Micro.
Emerging phishing techniques outlined in the report include the increasing use of HTTPS and targeting Office 365 administrator accounts, enabling malicious hackers to hijack all connected accounts on the targeted domain and use them to send malware, launch convincing BEC attacks and more.
To this end, Trend Micro says it blocked nearly 400,000 attempted BEC attacks - 271% more than in 2018.
In the face of such threats, Trend Micro recommends organisations take the following mitigation steps:
- Move away from a single gateway to a multi-layered cloud app security solution
- Consider sandbox malware analysis, document exploit detection, and file, email, and web reputation technologies to detect malware hidden in Office 365 and PDF documents
- Enforce consistent data loss prevention (DLP) policies across cloud email and collaboration apps
- Choose a security partner that can offer seamless integration into their cloud platforms, preserving user and admin functions
- Develop comprehensive end user awareness and training programs.