The private testing has started!

Blog Watch out for these email security trends

Please, mind this article is being drafted or rewritten and may contain imperfections. It has not been yet reviewed for final publication.

In 1965, the Massachusetts Institute of Technology (MIT) invented the first version of what came to be known as email. Proprietary email systems began to appear in the 1970s and early 1980s.

To this day, the mail system has been developed and improved countless times. The email has become faster and more convenient as more email providers enter the market.

In the early days of email, network security wasn't an issue. But at any time, cyber security threats are on the rise and becoming more and more serious. People gradually realize the importance of protecting their online security and privacy.

Digital security firm Fortinet pointed to issues such as spam, malware, phishing and ransomware in its 2020 State of Email Security report. For example, 1 in 3,000 messages contains malware, including ransomware.

According to Campaign Monitor, an organization with 100 employees receives an average of 121 emails per day, at least 4 of which were malware-infected emails.

The advent of encrypted mail solved this problem by giving people the opportunity to communicate more securely and [anonymously] (/blog/master-the-art-of-anonymous email address) online.

Here are the top 7 security email trends to watch in 2022:

Phishing and 2FA

Two-factor authentication is a security solution that protects our online accounts when logging in. At the very least, it can stand up to automated bot hackers. However, it's only a matter of time before scammers and hackers find a way around it.

Hackers do this not through complex codes and algorithms, but through social engineering. For example, phishing. This is how fraudsters trick victims into obtaining a one-time password from their SMS message during the verification 2FA process. For example, in 2018, Reddit data breach, Yahoo, Linkedin and Deloitte data breaches. These Hackers bypass 2FA on a massive scale.

More businesses will be targeted by phishing

In the future, we may see fewer malware attacks. But phishing and other social engineering tactics will happen on a larger scale and will target more businesses.

Email leaks will be the biggest security threat to email

According to Financial Crimes Enforcement Network (FinCEN), the number of Business Email Compromises (BEC) reports rose to an average of more than 1,100 per month in 2018, compared to a total of 500 in 2016.

In 2020, BEC caused many business losses, a favourite among email scammers.

How does BEC work?

Hackers take over business email accounts by any means. But they don't do anything. Instead, they wait, monitoring communications. They impersonate legitimate entities throughout the supply chain when they have enough information.

Email List Targeting Attackers start by building a targeted email list. Common tactics include:

  1. Mining LinkedIn profiles. Filter the business email database. Even search for contact information through various websites.

  2. Launch the attack Attackers start rolling out their BEC attacks by sending mass emails. It is difficult to identify malicious intent at this stage, as attackers will utilize tactics such as spoofing, lookalike domains, and fake email names.

  3. Social Engineering At this stage, the attacker will impersonate an individual within the company, such as the CEO or other individuals in the finance department. Emails requesting urgent responses are common.

  4. Financial Benefit If an attacker can successfully establish trust with an individual, this is often the stage of financial gain or data breach.

In fact, compared to 2020, attackers are more active in 2021. on "bulk" (i.e. indiscriminate) phishing Reports of attacks increased by 12%. More targeted attacks, including spear-phishing and business email compromise (BEC), increased by about 20 per cent.

BEC new players

Regarding business email breaches, 2020 and beyond will see new threat actors emerge. Especially Destructive BEC attacks by West African cybercrime groups (especially Nigeria).

Genetic research and healthcare companies become key targets

Hackers are always looking for targets with rich data. If those goals are also relatively easy, it's a win-win for them.

Cybercriminals have targeted genetics and healthcare companies. And, they try to gain access to these companies' databases to steal data (including patient family estates, medical records, etc.).

More precise ransomware attacks

Many reports of ransomware have dwindled in recent years, and you don't think it's an issue anymore. According to Sophos, the survey surveyed 5,400 IT decision-makers in mid-sized organizations in 30 countries across Europe, the Americas, Asia Pacific and Central Asia, and the Middle East and Africa.

While the number of organizations hit by ransomware dropped from 51% surveyed in 2020 to 37% in 2021, and fewer organizations experienced data encryption as a result of major attacks (54% in 2021 compared to 73% in 2020). The new findings show a worrying upward trend, especially in terms of the impact of ransomware attacks.

The average cost of remediating a ransomware attack has doubled over the past 12 months. Remediation costs, including business downtime, lost orders, operating costs, etc., increased from an average of $761,106 in 2020 to $1.85 million in 2021. This means that the average cost of recovering from a ransomware attack is ten times the ransom payment amount.

The average ransom paid was $170,404. While $3.2 million was the highest payment among respondents, the most common payment was $10,000. Ten organizations paid ransoms of $1 million or more.

The number of organizations paying ransoms increased from 26% in 2020 to 32% in 2021, although less than one in 10 (8%) had access to all their data.

Phishing Kit Price Increase

A complete phishing kit is easily available online.

Prices of phishing kits have risen, up 149 from an average of $122 in 2018 %, to $304 in 2019.

However, from 2018 to 2019, the number of phishing kit sellers increased by 120%.

Conclusion

The above trends are not good news for individuals and organizations. At the same time, it also pointed out a more urgent need for people to protect the online security of individuals or organizations from hackers and scammers. And the growing demand for secure business email providers.

The use of insecure email by individuals and businesses is one of the root causes of the problem. If your employees don't know how to send documents securely over the Internet, they are more vulnerable to cybercriminals.

If you use a more secure anonymous email, these hackers can no longer threaten you. Liverado is a secure, anonymous email provider. It has security features against email threats, end-to-end encryption, zero-access encryption, phishing protection, spam filter, open-source, etc.

Ready to join Liverado? Start your free 14-day trial today.