Email-based cyberattacks became more frequent, sophisticated, and intense last year, according to the Cofense Intelligence 2023 Annual State of Email Security Report. Cofense, an email security firm, recorded a 569% increase in malicious phishing emails, a 478% increase in credential phishing-related reports, and a 44% increase in malware.
Phishing remains among the most effective attack method because of its simplicity. While advanced malware attacks like Daxin or CoinMiner can dominate media attention and cybersecurity efforts, phishing attacks are frequently responsible for threat actors gaining access to critical data in the first place.
In addition to a spike in credential phishing, Cofense noted an increase in business email compromise (BEC) attacks. The uptick can be attributed to savvier users, said Cofense vice president and CISO Tonia Dudley. “We’ve known for years that BEC is costly to organizations, but the increase in this category indicates that users are doing a better job identifying and reporting these threats,” Dudley explained.
What Can IT Pros Do About Phishing Threats?
When it comes to email security, simulation training remains one of the best defenses, Dudley said. If employees can spot a phishing email and correctly report it, security teams can gain the upper hand.
“It’s critical to provide your security teams with the ability to process those emails … to extract the indicators from the emails,” Dudley added. Organizations can then prevent or stop potential security threats by taking steps such as checking if other users received the same email or pushing indicators to other security controls.
Organizations generally have multiple layers of security controls in place, such as endpoint detection and response, network firewalls, and secure email gateways. To bolster security, IT leaders must stay up-to-date on phishing threat developments so they can continually improve these controls.
What’s on the Horizon?
Threat actors continue to fine-tune their tactics so they can bypass the security controls.
Dudley highlighted the following trends among cybercriminals:
- Threat actors are now pivoting to new file types that might sidestep detection mechanisms.
- Attackers’ delivery mechanisms increasingly use geofencing and user-behavior detection to evade sandboxing controls.
- As organizations continue to move services to a cloud-first model, threat actors exploit legitimate services for their attacks.
