Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Trustwave 2021 Email Threat Report Highlights Critical Trends in Email Security in the Age of Advanced Threats

Most mature organizations have recognized the importance of email security and subsequently added various new levels of defense to their security stack to protect against the ever evolving email threat landscape. Although the instances of compromise via email malware are trending lower, the threats themselves haven’t gone anywhere – and the consequences of inadequate email security have never been higher in the age of advanced threats.

In the new 2021 Email Threat Report from Trustwave, we break down real-life examples of the latest email threats and critical trends from the past year to help you gain an understanding of the current landscape so you can prepare your email security strategy.

The 2021 Email Threat Report highlights several key trends, including:

  • Microsoft Excel file attachments were the single biggest attachment type utilized by attackers in 2020, representing 39 percent of malicious attachments, up from 7 percent in 2019.
  • Forty-three percent of malicious Excel attachments made use of Excel 4.0 macros.
  • Longer term attacks seem to lead as the preferred method of email attack
  • Over 50 percent of BEC emails come from Gmail accounts.
  • Phishers increasingly used free cloud infrastructure to host phishing pages and files for sending emails, hosting phishing pages, storing files and more.

RESEARCH REPORT

2021 Email Threat Report

The Trustwave 2021 Email Threat Report, featuring data and analysis from the SpiderLabs Email Security Research and Malware Analysis Team, details some of the most significant email threats organizations face, and provides insight on the tricks and techniques cybercriminals are using to snare their victims.


We sat down with Phil Hay, Senior Research Manager, Email Security and Malware Analysis at Trustwave SpiderLabs to discuss some of the key trends from the 2021 Email Threat Report.

It appears that malware numbers were quite low last year and even into this year. Why is that?

Although on the surface this appears to be the case, it’s more likely a return to more “normal” levels of malware, percentagewise. The period from 2016-2018, was an abnormally high period of activity; the Necurs botnet in particular drove a massive number of spammed malware downloaders, leading to widespread ransomware and various other infections. It’s also worth noting that the longer-term trend of lower spam volumes, fewer and smaller botnets, resulting in less volume of email-borne malware. That does not negate the fact that there are still operators disseminating their malware via email, so the threat remains very much alive, just on a slightly smaller scale.

For organizations wanting to defend against threats, how has COVID-19 changed email security?

As noted in the report, apart from COVID-themed email threats which was inevitable, not much changed, as the longer-term email trend attacks continue to surpass any short-term changes. For example, using Office document files to deliver malware is still an overriding trend as well as the use of novel file types such as the COVID-themed .jnlp attachment example referenced in the report.

One area we did see a change in was driven by the increased number of employees working from home. This shift hastened a move to cloud-services, which brings with it an entirely different set of security challenges (more on that below).

Has the shift to cloud changed email security / attacker behavior? Is it easier to launch attacks?

Many organizations moved their teams to cloud services due to convenience and price and attackers are no different.

In the 2021 Email Threat Report, we detail how free cloud services are used in phishing attacks. Bad actors piggyback on the good reputation and the free or low-cost services of these cloud providers to bypass security checks. The bad guys don’t like to pay for infrastructure costs anymore than the next guy!

Another noteworthy area is the continued migration by organizations to cloud email services such as Office 365. Compromised O365 accounts are a highly sought-after commodity, as they can be used to launch targeted phishing, man-in-the-middle or BEC attacks. Once an account is compromised, attackers can then launch additional assaults within the organization. These attacks appear legitimate to users since they originate from actual accounts within the organization.

What should organizations be doing to protect themselves from email threats?

All email security strategies are a combination of technology, non-technical policies, awareness and training. Some key areas of focus include:

  • Deploying a capable email gateway scanner
  • Clearly define inbound email policies
  • Lock down your email as much as possible
  • Odd, rare or unusual file attachments should be quarantined or scrutinized prior to downloading or opening
  • Deploy Multi-factor Authentication on all cloud email accounts
  • Ensure a strong password policy to lessen account takeover risk
  • Deploy anti-spoofing and authentication technologies to identify BEC attacks against your own domains
  • Regularly train and educate all users on the nature of today’s email threats

Interested in ensuring your organization has the best email security posture? Learn more about Trustwave MailMarshal and its powerful email security capabilities here.

Latest Trustwave Blogs

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More

Trustwave SpiderLabs: Ransomware Gangs Dominate 2024 Education Threat Landscape

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber...

Read More

LockBit Takedown: Law Enforcement Disrupts Operations, but Ransomware Threats Likely to Persist

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow...

Read More