SecurityBrief Asia logo
Story image

Cloud-based email threats capitalising on chaos of COVID-19

Cloud-based email threats are capitalising on the chaos of COVID-19, according to Trend Micro.

The cloud security firm says it blocked 16.7 million high-risk email threats that slipped past webmail providers' native filters, an increase of nearly a third on 2019 figures.

The new statistics are provided by Trend Micro's Cloud App Security (CAS), an API-based solution that provides second-layer protection for Microsoft Exchange Online, Gmail, and a host of other services.

"COVID-19 forced many organisations to accelerate their digital adoption plans, and SaaS apps have become indispensable to remote workers," says Tony Lee, head of consulting at Trend Micro Hong Kong and Macau.

"However, where there are users, there are also threats and we've seen a spike in attacks targeting organizations' perceived weakest link during the pandemic," he says. 

"Trend Micro Cloud App Security has been indispensable in providing an extra layer of protection -- each one of those nearly 17 million threats previously missed represents a risk of corporate data theft, ransomware and fraud."

Detections of malware, credential theft and phishing emails all recorded double-digit year-on-year increases in 2020, while BEC volumes dropped slightly.

Malware-laden emails
Trend Micro detected 1.2 million emails containing malware that would otherwise have appeared in users' inboxes, up 16% on 2019 figures. These included many Emotet and Trickbot attacks, which are often the precursor to targeted ransomware.

Phishing
Trend Micro intercepted over 6.9 million phishing emails in 2020, a 19% increase from the previous year. Discounting credential phishing, the number of threats in this category surged 41% over the period. COVID-19 was a common lure, as were big-name brands like Netflix that have become popular during the pandemic. Attackers were typically looking for personal and financial information to monetise.

Credential phishing
Trend Micro detected nearly 5.5 million attempts to steal users' credentials that were allowed through by existing cloud native security filters. This was a 14% increase on 2019 and accounted for the vast majority of detected phishing emails. Attackers are increasingly supplementing these with phone-based vishing attacks.

Business email compromise (BEC)
Although BEC detections declined 18% year-on-year, average losses continue to rise -- increasing 48% from the first to the second quarter of 2020.

Trend Micro Cloud App Security offers comprehensive multi-layered protection for platforms such as Microsoft 365 and Google Workspace via:

Machine learning-powered Writing Style DNA to spot BEC Computer vision and AI for credential phishing detectionSandbox malware analysisDocument exploit detectionFile, email, and web reputation technologies Data loss prevention (DLP)

Trend Micro Vision One, a comprehensive XDR solution providing investigation, detection, and response across endpoints, email, network, and servers.

It also protects various cloud-based applications and services, including Microsoft 365, OneDrive for Business, SharePoint Online, Google Drive, Box, Dropbox, and Salesforce.

Story image
Remote work continues, and endpoint security cited as a must
Nearly half of workers will stay remote after the pandemic ends, and two out of three IT professionals are concerned with endpoint misuse, according to Prey Software's new study.More
Story image
IoT connections to generate $16 billion in security revenue as new threat vectors arise
"There are limited IoT security solutions in the market, due in large part to the fragmented nature of the IoT itself."More
Story image
Egnyte ensures greater security across Microsoft 365 with latest integrations
The new integrations are aimed at helping mid-sized organisations prevent data loss, address a growing number of regional privacy regulations, and simplify the overall management of content with minimal administrative overhead.More
Story image
iland and Cohesity form alliance, target data protection market
"Together with Cohesity, we will deliver elegant and cutting-edge solutions that will take our joint customers’ digital transformation projects to the next level."More
Story image
Five things ANZ businesses should know about storing customers’ data
Businesses need to correlate events intelligently across multiple threat surfaces, application layers, and time spans to connect event A, to event B, to event C — even if they are months apart.More
Story image
Zscaler expands CIEM solutions with Trustdome acquisition
Zscaler, the cloud security company, has officially entered into a definitive agreement to acquire Trustdome, a Cloud Infrastructure Entitlement Management (CIEM) company.More