Download PDF version Contact company

Abnormal Security, provider of a cloud-native email security platform that leverages behavioural data science to stop modern email attacks released its Q3 2021 Email Threat Report.

It examines the escalating adverse impact of socially-engineered and never-seen-before email attacks, and other advanced email threats both financial and reputational to organisations worldwide.

Findings of Q3 2021 Email Threat Report

The report surveyed advanced email attacks across eight major industry sectors, including retail and consumer goods; manufacturing; technology; energy and infrastructure services; medical; media and television; finance; and hospitality.

Key findings include:

  • 32.5% of all companies were targeted by brute force attacks in early June 2021
  • 137 account takeovers occurred per 100,000 mailboxes for members of the C-suite
  • 61% of organisations experienced a vendor email compromise attack this quarter
  • 22% more business email compromise attacks since Q4 2020
  • 60% chance of a successful account takeover each week for organizations with 50,000+ employees
  • 73% of all advanced threats were credential phishing attacks
  • 80% probability of attack every week for retail and consumer goods, technology, and media and television companies

Credential phishing, brute force attacks

Credential phishing provides the access needed to send other attacks such as ransomware, malware

Over the quarter, Abnormal researchers saw a significant increase in credential phishing, as well as brute force attacks, which are used to obtain personal information such as passwords, passphrases, and usernames through a string of continuous, automated attempts.

Once accessed, compromised accounts can be leveraged to send additional attacks on coworkers, partners, and vendors, and provide the credentials necessary to infiltrate other parts of the organisation. Credential phishing and account takeover is also major issue because it provides the access needed to send other more nefarious types of attacks such as ransomware and malware.

Increased socially-engineered attacks

Socially-engineered attacks are dramatically rising within enterprises, worldwide, creating unprecedented financial and reputational risks,” said Evan Reiser, CEO, of Abnormal Security. “These never-before-seen attacks are becoming more sophisticated with every passing day."

"They don’t contain indicators of compromise, such as links, attachments, and reputational risks, so they evade secure email gateways and other traditional email infrastructure, landing in inboxes where unsuspecting employees fall victim to their schemes, which include ransomware."

Analysis of attack

Any subtle deviations from this baseline expose the possibility of a threat or attack"

"To effectively protect against these attacks, we can no longer rely only upon established threat intelligence."

"We need to look farther to comprehensively understand employee and vendor identities, their relationships, all with deep context, including content and tone to baseline good behaviour. Any subtle deviations from this baseline expose the possibility of a threat or attack.”

Need for email security system

The report also underlines that impersonation is on the rise, with threat actors using both well-known brands and internal automated systems to trick their victims into submitting credentials, revealing sensitive data, or sending money.

Impersonation of internal systems like IT Help Desk and IT Support rose 46% over the past two quarters. This increase in specific types of impersonation shows the extent to which cybercriminals are willing to change their tactics, and highlights the need for an email security system that will detect ever-evolving threats.

Download PDF version Download PDF version

In case you missed it

How can the industry do a better job of promoting emerging technologies in physical security environments?
How can the industry do a better job of promoting emerging technologies in physical security environments?

By all accounts, technology development is moving at a rapid pace in today's markets, including the physical security industry. However, market uptake of the newest technologies ma...

Dahua & KITT Engineering's LED screen innovations
Dahua & KITT Engineering's LED screen innovations

About a year and a half ago, Peter de Jong introduced Dahua to Fred Koks, General Manager of KITT Engineering. Since then, Dahua, KITT Engineering, and Ocean Outdoor have complete...

Protect assets with BCD's hybrid cloud NVR solutions
Protect assets with BCD's hybrid cloud NVR solutions

Like any retail franchise, car dealerships that have multiple locations nationwide require comprehensive, reliable, and scalable video surveillance solutions to protect their busin...

Quick poll
What is the most significant challenge facing smart building security today?