Barracuda Networks' latest eBook takes an in-depth look at the top email threat types that have been observed in recent months, including their risks and impact on business, with guidance on how companies can address the gaps in email gateway security and achieve total email protection against attacks.
Fighting increasingly complex email threats
The email and phishing threats faced by organisations today vary greatly in complexity, volume, and the impact they have on businesses and their employees. There are a number of distinct categories of email threats:
These are unsolicited, high-volume messages generally of a commercial nature, which are sent without regard to the recipient’s identity.
This is software specifically designed to cause damage to technical assets, disrupt operations, exfiltrate data, or otherwise gain access to a remote system. Malware is usually
distributed through email attachments or URLs leading to malicious content.
- Data Exfiltration
These types of attacks occur when data is copied or retrieved from a remote system without the owner’s consent. It can occur maliciously or accidentally.
These emails attempt to trick an end user into believing the message is from a trusted person or organisation to get them to take an action like disclosing credentials, wiring money, or logging into a legitimate account on an attacker’s behalf.
This category includes any attack where the malicious actor pretends to be a person, organisation, or service. It’s a broad super-set of attacks that usually go hand in hand with phishing.
Breaking down the 13 threat types
Within these highlighted categories are 13 threat types of varying complexity that require different security approaches for the most effective overall defence. As hackers often combine various techniques in their campaigns, some of these attacks are commonly used in conjunction with others. For example, many spam messages include phishing URLs, and it’s not uncommon to see a compromised account be used in internal or lateral wire fraud. Understanding the nature and characteristics of these attacks helps build the best protection for your business, data, and people.
Here’s a look at the top 13 email threat types ranging from the least to most complex:
In this article we will be detailing a brief overview for each of the 13 email threat types - for the full insights and trends download your copy of the full eBook below:
Spam is unsolicited bulk email messages, also known as junk email. Spammers typically send an email to millions of addresses, with the expectation that only a small number will respond to the message.
Accounting for 53% of the world's email traffic, Spam impacts server traffic and productivity, and can be used to distribute malware and large-scale phishing attacks.
Cybercriminals use email to deliver documents containing malicious software, also known as malware. Typically, either the malware is hidden directly in the document itself, or an embedded script downloads it from an external website.
94% of malware is delivered via email, with common types including viruses, Trojans, spyware, worms, and ransomware.
Data exfiltration - or data theft - is the unauthorised transfer of data from a computer or other device. It can be conducted manually via physical access to a computer and as an automated process using malicious programming on the internet or a network.
Attacks are typically targeted, with the objective of gaining access to a network or machine to locate and copy specific data. In addition to malicious attacks, data is frequently lost accidentally due to human error.
In phishing attacks, cybercriminals try to obtain sensitive information for malicious use, such as
usernames, passwords, or banking details. With URL phishing, cybercriminals use email to direct their victims to enter sensitive information on a fake website that looks like a legitimate website.
Unfortunately about 4% of recipients in any given phishing campaign click on the malicious link, and hackers only need one person to let them in.
With email scamming, cybercriminals use fraudulent schemes to defraud victims or steal their
identity by tricking them into disclosing personal information. Examples of scamming include fake job postings, investment opportunities, inheritance notifications, lottery prizes, and fund transfers.
Scamming accounts for 39% of all spear phishing attacks, and include a variety of different techniques ranging from fake lottery wins to investment scams.
Spear phishing is a highly personalised form of email phishing attack. Cybercriminals research
their targets and craft carefully designed messages, often impersonating a trusted colleague,
website, or business.
Spear phishing emails typically try to steal sensitive information, such as login credentials or financial details, which is then used to commit fraud, identity theft, and other crimes.
Cybercriminals also take advantage of social-engineering tactics in their spear-phishing attacks, including urgency, brevity, and pressure, to increase the likelihood of success.
Domain impersonation is often used by hackers as part of a conversation-hijacking attack.
Attackers attempt to impersonate a domain by using techniques such as typosquatting,
replacing one or more letters in a legitimate email domain with a similar letter or adding a hard-to-notice letter to the legitimate email domain.
An analysis of about 500,000 monthly email attacks throughout H2 of 2019 shows a 400-percent increase in domain-impersonation attacks used for conversation hijacking
Brand impersonation is designed to impersonate a company or a brand to trick their victims into responding and disclosing personal or otherwise sensitive information.
Common types of brand impersonation include service impersonation, in which the attacker mimicks a well-known company or business application, and brand hijacking, in which the attacker impersonates a company or one of its employees through domain spoofing.
Blackmail scams, including sextortion, are increasing in frequency, becoming more sophisticated, and bypassing email gateways.
In these attacks cybercriminals leverage usernames and passwords stolen in data breaches, using the information to contact and try to trick victims into giving them money.
The scammers claim to have a compromising video, allegedly recorded on the victim’s computer, and threaten to share it with all their contacts unless they pay up.
Business Email Compromise:
In BEC attacks, scammers impersonate an employee in the organisation in order to defraud
the company, its employees, customers, or partners. In most cases, attackers focus their efforts
on employees with access to the company’s finances or personal information, tricking individuals into performing wire transfers or disclosing sensitive information.
These attacks use social-engineering tactics and compromised accounts, and they often include no attachments or links.
With conversation hijacking, cybercriminals insert themselves into existing business conversations or initiate new conversations based on information they've gathered to steal money or personal information.
Conversation hijacking can be part of an account takeover attack, in which attackers will spend time reading through emails and monitoring the compromised account to understand business operations and learn about deals in progress, payment procedures and other details.
With lateral phishing, attackers use recently hijacked account to send phishing emails to unsuspecting recipients, such as close contacts in the company and partners at external organisations, to spread the attack more broadly.
Because these attacks come from a legitimate email account and appear to be from a trusted colleague or partner, they tend to have a high success rate.
Account takeover is a form of identity theft and fraud, where a malicious third party successfully gains access to a user's account credentials. Cybercriminals use brand impersonation, social engineering, and phishing to steal login credentials and access email accounts.
Once the account is compromised, hackers monitor and track activity to learn how the company does business, the email signatures they use, and the way financial transactions are handled. This helps the launch successful attacks, including harvesting additional login credentials for other accounts.