+61 2 9270 0666

Email Threat Intelligence Review of 2018

Email Threat Intelligence Review of 2018

As 2018 draws to a close we thought it might be worth a look back on the year to see if there’s anything we can learn from email threat intelligence activity for next calendar year. Our review is a frank and ‘matter-of-fact’ and based on our experiences. All the data presented here is what we’ve actually seen in the real world for Australian businesses.

We don’t have an agenda driven by any vendors. And we’re not pushing any products. We’re simply sharing what we’ve seen and sharing some analysis along the way. Hopefully, this report might be able to help you with the direction of your email security.

We’ve seen a steady increase in email activity through 2018. Email volumes are up. The number of attachments emailed is up as is the number of security problems that CIOs boards and IT Managers face.

Over 2018 we’ve seen a shift from malicious attachments in emails to URL-based threats. Our clients have also seen a rise in whaling attacks, or Business Email Compromise scams.

The engagements we’ve had with our clients and the detailed conversations we’ve had with our vendors and suppliers still suggest that security should be concern for all businesses.

We can also say with a level of confidence that security is still perceived as ‘expensive’ and an disruption to staff across the board.

Overall Email Trends

Through 2018, ITConsult will have overseen the delivery of over 18 million emails. During the year, the volume of email grew month on month to over 131%. Outbound email volume grew by nearly 460%.

Total email volume for 2018Of the 12M emails, our clients sent nearly 3 million attachments.

We see no pull-back in the use of email and we believe that email will remain the number one business application in 2019.

With the volume of emails expected to rise and the amount of data sent via email, we feel there is significant risk for every business not to be aware of how an email outage can impact a business.

Similarly, we see significant risk in being blind to email communication and expect an increase in data breach via email.

For every business, having a clear understanding of their own email threat intelligence statistics will be important. Without it, it will be difficult to apply the appropriate levels of security to the right areas.

Whaling attacks or Business Email Compromise (BEC)

Whaling and phishing attacks were certainly on the rise in 2018. While the total number of detected BEC emails was less than 1% when compared to all inbound email, we saw an average of over 50 emails per client blocked. It could only take one of these emails to make it through for any business to suffer a significant financial impact.

BEC / Whaling emails discovered in 2018An average of 50 emails per month per client doesn’t seem to be a large number. During the year, however, BEC email volume increased by over 840% during the year. We expect this number to increase through 2019.

We are also anticipating that those crafting phishing and whaling emails are going to get more creative to avoid anti-phishing processes.

Over the last 18 month’s we’ve worked with businesses that have had over $600k leaked due to  successful BEC whaling attacks. Unfortunately, it’s only after an event such as this where security seems to get the appropriate attention it needs.

There are plenty of organised criminal groups operating on the Internet today. Over time, they have built up their experience in effective social engineering techniques to defraud businesses of money. It’s difficult for busy people to detect fraudulent emails at times.

All those clients who were victims of whaling attacks stepped up their email security significantly and continue to invest improving their overall capabilities through email security products and staff training programs.

Implementing multi-factor authentication on Internet-enabled email accounts is an effective way of preventing unauthorised access to email accounts.

Increasingly, businesses who roll out awareness education on phishing scams are seeing positive results when it comes to staff being able to identify whaling and BEC emails.

Malware through email attachments

Our analysis suggests that malware delivered by email in 2018 was a near non-event. With most email systems incorporating anti-virus and anti-spam technologies there’s seemingly a low risk of malware entering a network via email.

Through attachment management policies, most of our clients are blocking

Email scanning techniques are constantly improving and with vendors implementing zero day protection against malware, coupled with server and endpoint security systems, we can’t see malware posing a big threat when delivered by email.

Threat activity via URL

URLs analysed in emailWhere we do see an increase in activity is through URLs embedded in emails and email attachments. Over 140,000 links were clicked on in emails in 2018. Of those URLs some 2,000 were classified as dangerous and were blocked. We are keeping an active eye on these statistics going into 2019. With an increase of 269% during 2018, we do expect threats activated by URLs in email to increase significantly.

URL threats are particularly dangerous for remote workers, laptop users and those who access corporate email on mobile devices. Oftentimes organisations deploy security platforms that only work while staff are in the office and connected to the network.

Effective URL protection for email is required continuously and regardless of where your staff are when the click on a URL. URLs should be analysed at the time-of-click rather than during email processing.

Email Threat Intelligence Wrap-up

We are actively looking forward to 2019 and seeing how the email security landscape will continue to evolve. As phishing scams increase, we expect see an uptake for business to deploy two-factor authentication and mobile device management to increase security of email accounts.

The focus for organisations to protect personally identifiable information (PII) and other sensitive data should lead to an increase of data loss prevention methods being introduced into email security policies.

In all reality, we expect the see many businesses adapt to new email threats, we expect to see many business continue through 2019 with little change to their security focus.

Unfortunately, there will be a small number that will be affected by a data breach through email which will force some change. Hopefully this number will be low.

Click here To download our State of Email Security Report.

If you have any questions or commentary on our email threat intelligence analysis please get in touch.

     

    ITConsult designs, implements and supports IT environments for Australia‘s medium-large organisations through a portfolio of business IT solutions. Navigating technology today can be a minefield and everyone seems to have an agenda.

    If you'd like to have a good old fashioned talk about what might work for you, please get in touch for an obligation-free, over the phone chat.

     

    • Using shortcuts in Teams can save you heaps of time. Download our handy guide for Microsoft Teams keyboard shortcuts to improve your productivity

    • Essential Eight Cyber Strategy

      There’s a ton of different ways to implement a cyber security strategy these days. Various vendors and suppliers have their own products and methods. With all the choices out there, the Essential Eight cyber strategy is a good place to start. With the Essential Eight, you’ll get a at least a starting point as a basis for your cyber security strategy. Fortunately, it’s easy to implement, it’s not going to break the bank and it will co-exist with other cyber security strategies. The Australian Signals Directorate’s cyber security teams have developed the Essential Eight program. The Essential Eight is a baseline strategy that your business can deploy as a starting point to mitigate against cyber incidents. What is the Essential Eight Cyber Strategy? The essential eight is a set of initiatives that you can implement within your business. Once you’ve deployed the Essential Eight, it’s going to make it harder for the ‘Bad Actors’ to get access to your environment from the outside. The Essential Eight strategies are: Application white listingApplication patchingMicrosoft Office macro configurationApplication hardeningRestricting administration privilegesOperating system patchingMulti-factor authenticationDaily backups To implement many of the ASD’s initiatives, you may not need to put in a lot of effort.

    • 5 ways to protect against identity attacks with Multi-Factor Authentication

      Conventional authentication policies that depend on usernames and passwords alone are no longer secure. As our data evolves, the way we protect access to that data needs to change. Identity attacks are the easiest way into your systems. As we move data from a complete on-premise environment to cloud applications and hosted services, the perimeter of your security footprint has moved. Poor authentication practices are #2 in the list of security risks published by OWASP. Confirmation of your staff’s identity is critical to protect against authentication-related attacks. Cyber criminals know about the security challenges you face. They are actively finding ways to trap your staff into handing over credentials. They are also relying on people’s tendency to re-use passwords everywhere. Often, they’ll use the same password across their work and personal accounts. Here are 5 ways an attacker could gain access to your systems if you only have username and password authentication. There’s no doubt that someone is trying these attacks on your business right now. #1 Broad-based phishing campaigns Why are phishing emails still the number one way of gaining access to someone’s credentials? Simply, the numbers are in their favour. After all this time they are still effective.

    • Office 365 Security Best Practices

      Even though Microsoft’s Office 365 is an easy-to-use platform, securing your data in the cloud is not that simple. Implementing a few Office 365 security best practices can at you’ll have your data in a safer place than it was yesterday. Office 365 is constantly evolving with new features being added every month. Keeping on top of your security posture is critical. Out of the box, Office 365’s settings for data security are fairly weak. We’ve seen organisations that have been in a far worse position than they thought when it came to cloud security. By modernising their security, many business are incorporating a zero trust methodology. This helps to secure sensitive data and improve their ability to defend against modern cyber threats. Office 365 can form part of that zero trust framework if security is planned right. To help get your business in a better position, we’ve put together a list of our top Office 365 security best practices. We aim to configure these principles for all our clients. By implementing this list, we’re sure that your data will be safer and you’ll be back in control. Office 365 Security Best Practices Start With Your Password Policy Password policies

    • Office 365 Email Security

      Out of the box, Microsoft’s Office 365 email security provides some good levels of protection around basic spam and malware filtering. If you want something more substantial that will suit your business, it’s most likely that you need to look at 3rd party products to fill the gap. The Office 365 suite isn’t a one-site fits all platform. Microsoft have built the platform with all it’s tools as a great starting point. In many cases, adding 3rd party products can enhance the functionality and security than the uplift that Microsoft would charge for similar services. You will need to plan your strategy to help thwart the security attacks on your Office 365 email. Industry pundits are already suggesting that phishing scams will be more of a problem than hacking or ransomware. When you’re moving your business to the cloud, managing all the security requirements adds another layer of complexity and consideration. It’s important to make sure you know what you need and what you are getting. What’s in the box with Office 365 Exchange Online Protection? Exchange Online Protection (EOP) includes a lot of features that you would expect in many on-premise email filtering platforms. With Office 365, the included

    Level 1, 237 Mona Vale Road
    St Ives NSW 2075 Australia

    Phone: +61 2 9270 0666

    PO Box 731
    St Ives NSW 2075 Australia

    © 2024 The IT Consultancy Group Pty Ltd. All Rights Reserved.

    Privacy Policy | Disclaimer | Acceptable Use Policy | Fair Use Policy