Cloud-based Email Threats Capitalized on Chaos of COVID-19

Trend Micro intercepted a surge in malware, phishing and credential theft

HONG KONG SAR – Media OutReach – 4 March 2021 – (;),
the leader in cloud security, today revealed that it blocked 16.7 million
high-risk email threats that slipped past webmail providers’ native filters.
This amounts to an increase of nearly a third on 2019 figures.

The new
statistics are provided by Trend Micro’s Cloud App Security (CAS), an API-based
solution that provides second-layer protection for Microsoft Exchange Online,
Gmail, and a host of other services.[i]

To read
the full Trend Micro Cloud App Security Threat Report 2020, please visit here.

“COVID-19
forced many organizations to accelerate their digital adoption plans, and SaaS
apps have become indispensable to remote workers. However, where there are
users, there are also threats and we’ve seen a spike in attacks targeting
organizations’ perceived weakest link during the pandemic,” said Tony Lee, Head
of Consulting at Trend Micro Hong Kong and Macau. “Trend Micro Cloud App Security has been indispensable
in providing an extra layer of protection — each one of those nearly 17 million
threats previously missed represents a risk of corporate data theft, ransomware
and fraud.”

Detections of
malware, credential theft and phishing emails all recorded double-digit
year-on-year increases in 2020, while BEC volumes dropped slightly.

Malware-laden
emails: Trend Micro
detected 1.2 million emails containing malware that would otherwise have
appeared in users’ inboxes, up 16% on 2019 figures. These included many Emotet
and Trickbot attacks which are often the precursor to targeted ransomware.

Phishing: Trend Micro intercepted over 6.9
million phishing emails in 2020, a 19% increase from the previous year.
Discounting credential phishing, the number of threats in this category surged
41% over the period. COVID-19 was a common lure, as were big-name brands like
Netflix that have become popular during the pandemic. Attackers were typically
looking for personal and financial information to monetize.

Credential
phishing: Trend Micro
detected nearly 5.5 million attempts to steal users’ credentials that were
allowed through by existing cloud native security filters. This was a 14% increase
on 2019 and accounted for the vast majority of detected phishing emails.
Attackers are increasingly supplementing these with phone-based vishing
attacks.

Business
email compromise (BEC): Although
BEC detections declined 18% year-on-year, average losses continue to rise –
increasing 48% from the first to the second quarter of 2020.

Trend Micro
Cloud App Security offers comprehensive multi-layered protection for platforms
such as Microsoft 365 and Google Workspace via:

 

• Machine learning-powered Writing Style DNA to spot BEC
• Computer vision and AI for credential phishing detection
• Sandbox malware analysis
• Document exploit detection
• File, email, and web reputation technologies
• Data loss prevention (DLP)

Trend Micro
Vision One, a comprehensive XDR solution providing investigation, detection,
and response across your endpoints, email, network, and servers.