It's no secret that most data breaches originate with end-users. Despite increased employee training, and frequent high-profile data breaches in the news, many employees continue to view their email and devices as inherently secure. Given the rise in social engineering, SPAM-based phishing attacks, and malware laced messages, this couldn't be further from the truth.
To better understand how these email threats continue to predominate, researchers at Symantec took a year long account of the evolving landscape. Their findings, featured in the 2017 "Internet Security and Threat Report," highlight both the macro and mezzo view of email security, covering topics including target industries, and recurring trends in malicious content.
Overall, email-borne malware detection rates actually decreased this past year. In 2016, 1 in 131 emails contained malware, where as in 2017, only 1 in 412 did. Symantec attributes the significant dip to a dormant first quarter for the Necurs' botnet. Necurs is one of the largest spam botnets in the world, with an estimated 6 million "zombie endpoints." From banking Trojans to pump and dump investment schemes, Necurs has been deploying compromised emails in the millions, since 2012. Necurs was relatively quiet during the first months of 2017, accounting for the considerable decrease in email malware detections.
Of those detected, certain categories kept emerging. The five most popular were:
- Bills (15.9%)
- Email Delivery Failure (15.3%)
- Legal/Law Enforcement (13.2%)
- Scanned Document (11.5%)
- Package Delivery (3.9%)
These categories make sense—all connote a sense of urgency, prompting users to respond without forethought and precaution. There were also certain recurring keywords, including:
- delivery (12.1%)
- mail (11.8%)
- message (11.3%)
- sender (11.2%)
- your (11.2%)
Others that broke the top ten include: returning, failed, invoice, images, and scanned. That said, these malicious emails were not evenly distributed, as certain industries attracted more attention from cybercriminals than others. In terms of email malware by industry, public administration was the most frequently targeted, with 1 in 120 emails being compromised. Manufacturing, construction, services, finance, insurance, and real estate were also within the top eleven:
|Industry||Email Malware (% of total vol.)||Spam Rate (% of total vol.)|
|Finance, Insurance, and Real Estate||16.6%||55.2%|
Employees in the manufacturing industry were receiving an average of 25.5 email viruses annually. For construction, the number was 18.1, and for finance, insurance, and real estate, it was 9.1. While alarming, these rates were overshadowed by public administration, where the average user was hit with 53.1 email viruses annually.
So how are these threats being delivered? The two most common means of distributing malware via email is through links and attachments. Attachments are generally more common - containing a script that, once downloaded, runs malicious code. Links to malicious codes are used less frequently, because they are usually blocked by spam or web filtering solutions. Still, link-based malware grew 10.7% in 2017.
Tip: Links and attachments can be threats of the past! Here are 6 ways Mimecast Email Security protects your inbox.
Another key take away from Symantec's findings, was that email malware does not discriminate based on company size. Since massive corporate hacks gain the lion's share of coverage, this can create a false sense of security for smaller companies. However, more than half of the data breaches reported in Massachusetts in 2017 were for companies with under 250 employees. In terms of email malware, Symantec reported:
|Company Size||Email Malware Rate|
|1 - 250||1 in 376|
|251 - 500||1 in 306|
|501 - 1,000||1 in 425|
|1,001 - 1,500||1 in 244|
|1,501 - 2,500||1 in 355|
|2,501+||1 in 512|
Securing Your Inbox
Fortunately, there are a number of preventative choices that will help mitigate these threats. Consider leveraging a first line of defense, reducing the likelihood that your end-users come into contact with malicious emails. iCorps' email filtering protects against SPAM, viruses, phishing, denial of service, directory harvest attacks, and more. This service helps keep your Inbox safe, identifies threat patterns, and protects sensitive email content. iCorps partners with Mimecast, providing a number of cloud-based email security services for advanced email management and email compliance. Here are 6 Reason Why Your Inbox Needs Mimecast Email Security.
Protection From Other Attack Vectors
While email security is an important element in maintaining a strong cybersecurity posture, it is just one of many factors that contribute to a secure computing environment. iCorps’ Managed Security solution is based on a “Defense in Depth” model. The idea is that your network should have more than one layer for each security category. iCorps' Managed Security supplies:
- Web content filtering
- Strong two-factor authentication
- Intrusion detection and prevention
- Firewall with deep packet inspection
Learn about iCorps' Managed Security offerings, including anti-virus email software, today.