Cybersecurity solutions provider Trend Micro said it blocked nearly 13 million high-risk email threats for customers using cloud-based email services from Microsoft and Google last year.
In a report titled Cloud App Security Roundup, the company said the changes it noticed in messaging-specific threats included the use of more sophisticated malware and the potential abuse of emerging technologies in the field of artificial intelligence.
The report’s findings were based on data generated by Trend Micro Cloud App Security, an application programming interface (API)-based solution that protects a range of cloud-based applications and services.
Atlanta, Georgia-based IBM Security recently conducted a study, which said that of the over 8.5 billion breaches reported in 2019, 85% were due to misconfigured cloud servers and other improperly configured systems.
“Organisations are leveraging the power of software-as-a-service (SaaS)-based applications in greater numbers to drive productivity, cost savings and growth. However, in doing so, they may be opening themselves up to risk if they only rely on built-in security,” Wendy Moore, vice president of product marketing at Trend Micro, said.
The Trend Micro report found that over 11 million of the high-risk emails blocked in 2019 were phishing related, making up 89% of all blocked emails. The number is 35% higher than the credential phishing attempts made in 2018.
The number of unknown phishing links in such attacks jumped from just 9% of the total in 2018 to more than 44% in 2019. This may demonstrate that scammers are registering new sites to avoid detection.
The report also said that criminals were getting better at tricking the first layer of defense against business email compromise (BEC) attacks, which typically looks at attacker behaviours and intention analysis of email content.
The percentage of BEC attacks caught by artificial intelligence-powered authorship analysis increased from 7% in 2018 to 21% in 2019, the company said.
The Hallbergmoos, Bayern-based firm said that the second layer of the defense caught threats beyond those detected by the cloud email services’ built-in security.
“As our report shows, built-in security is not enough on its own to stop today’s cybercriminals. Businesses must take ownership of cloud protection and find a multi-layered third-party solution to enhance their platform’s native security functionality,” Moore said.
Emerging phishing techniques outlined in the report include the increasing use of HTTPS and the targeting of Office 365 administrator accounts. Compromising an administrator account enables malicious hackers to hijack all connected accounts on the targeted domain and use them to send malware and launch convincing BEC attacks. The firm said it blocked nearly 4,00,000 attempted BEC attacks, which is 271% more than the 2018 numbers.
Mitigation steps include moving away from a single gateway to a multi-layered cloud app security solution and considering sandbox malware analysis, document exploit detection, and file, email and web reputation technologies to detect malware hidden in Office 365 and PDF documents, the report said. Organisations must also conduct end-user awareness and training programmes, the report added.