At this year’s World Economic Forum, cybersecurity was identified as a significant global concern. As the number of devices has surpassed the number of people, data protection is a threat that businesses cannot ignore. And since new forms of attacks develop every day, it’s worth taking a look at email attacks to watch out for in 2019.
Phishing is a common form of cyber scam. As such, users are aware of the threat and can successfully recognize and handle the risk. However, it has led cybercriminals to develop a new form of phishing scam called pharming.
It’s a form of attack that has its roots in domain name system (DNS) cache poisoning. So, instead of regular user information pharmers target DNS servers to change IPs and redirect users to malicious websites, while the attack is initiated via email.
As only a limited number of companies are aware of the problem, it’s one you should certainly look out for in 2019.
2. Business Email Compromise (BEC)
Business email compromise (BEC) is a (mostly) social engineered email attack that attackers use to impersonate top-level executives of companies to trick employees into wiring money transfers to their accounts. Attackers are successful by correctly imitating personal traits, visual imagery and other details from the impersonated person, and by using very similar email addresses. According to an FBI announcement, businesses in the United States lost $5.3 billion to this type of attack and, in 2019, this form of email threat will likely keep growing.
3. Malware in attachments or via a link to a malware site
A recent survey revealed that one in nine email users encountered malware in their email inbox in 2017. Not only that but users are also twice as likely to come across malware via email than other methods of attack, such as exploit kits.
There are two basic forms of infecting a user: one is having the malware hidden in an attachment, the other is by using fake links, in the email or in attachment documents, which will take the users to websites where malware is automatically downloaded and installed.
The number of total malware registered is on the rise. There are over 835 million different types encountered in 2018, and if the trend continues as in previous years, the number is projected to reach over 1 billion by 2020.
Ransomware (a type of malware) is a particularly high threat, as it is usually released during email attacks like phishing or spam attacks. As a user opens the risky email and clicks on a link or downloads an attachment, the ransomware infects secure database systems and encrypts data until a ransom is paid.
According to a number of statistics, the amount of ransomware is in decline in 2018, but there is a new surge of attacks as more companies switch to cryptocurrency, like Bitcoin. And this will be a major problem, since 42% of enterprises worldwide have already been attacked by cryptominers, resulting in significant losses for the companies.
The classic Spam definition - unwanted emails around commercial aspects continues to be a trend - it was over 55% all emails in 2017, and it is slowly increasing. The development of new spambots is responsible for this trend as many are exclusively sent during spam attacks. The most common spambots include types like Necurs, BlankSlate, Fioesrat, Pandex, Oliner, Sarvdap, Waledac and others. Most spam is simply annoying, but they serve as for frauds, and for every other form of attacks, including Email Malware.
6. Snowshoe Spamming
Snowshoe spam is a type of spam attack where the spam is distributed across multiple domains and IPs to decrease reputation metrics which allow it to avoid spam filters. It is also what makes it difficult to detect, which means many spams reach the destined unprotected inbox.
What’s also different is that this type of spam uses social engineering. Unlike other spam, snowshoe spam disguises as a legit business, which makes it seem more reputable to users. As this form of attack is relatively new, it is likely we might see a surge in 2019.
How to Keep your Email Safe
AnubisNetworks offers enterprise email protection services that can improve email security for your business and integrate with any existing architecture. Our Email Protection Service gives you a reliable security option that can monitor inbound/outbound traffic which is highly successful against evolving and new email threats.