Criminals still like using email to phish credentials, but ransomware delivered by email has tapered off.
Malware delivered to email accounts rose 196% in 2021 year on year, according to cybersecurity firm Trend Micro, which warns that email remains a major avenue for criminals looking to deliver malware and phish account credentials.
Some 74.1% of all the threats blocked by Trend Micro in 2021 were email threats, as opposed to malware delivered over websites and blocked by its products.
Trend Micro’s figures are based on detections gathered from enterprise customers that use its Cloud App Security product on top of Google Workspace and Microsoft 365, which both feature in-built anti-malware systems.
The firm saw large increases in known and unknown malware, which rose 134% and 221% respectively year on year.
Major email threats were the Emotet spam botnet, the Panda Stealer targeting cryptocurrency wallets, Qakbot, and an advanced persistent threat targeting organizations in South America.
Attacks on cryptocurrency wallets became prevalent enough through 2021 that Microsoft is now trying to push the name “cryware” for this type of information-stealing malware.
Ransomware threats delivered through email declined in 2021 due to attackers shifting from mass campaigns with small demands aimed at individuals to highly targeted efforts involving larger ransom sums to decrypt files.
Trend Micro’s cloud security app detected and blocked 101,215 ransomware files, representing a 43.4% decrease on instances it detected in 2020. Ransomware gangs have long preferred unsecured Windows RDP endpoints to compromise targets.
The security firm detected 6.2 million attempts to steal victims’ credentials in phishing emails, up 15.2% year on year.
Trends in business email compromise (BEC) are ambiguous. According to Trend Micro, BEC detections decreased by 10.61% year on year. But the FBI says BEC cost businesses $2.4 billion in 2021, which is up from $1.8 billion in 2020.
According to the FBI, BEC is much more lucrative than ransomware. BEC scammers mostly rely on sophisticated and targeted social engineering to convince employees to authorize unwanted wire transfers.
“The reduction in BEC victims doesn’t equate to a dip in cyber criminal profits,” Trend Micro notes.
Source: Microsoft: Ransomware gangs are using unpatched Exchange servers to gain access, so get updating | ZDNet