Businesses are still facing a large-scale threat from phishing campaigns, despite many saying they have upped email security in recent months.
New research from Cofense has found that a huge proportion of phishing threats are managing to slip through supposedly secure email gateways.
The company's report found that of the 31,000 malicious emails verified over a six month period, 90 per cent were found in environments running one or more secure email gateways (SEGs).
The vast majority of phishing threats detected over a six month period from October 2018-March 2019 were credential theft (74 percent), with malware delivery (15 percent) and business email compromise (nine percent) also posing a threat.
The threats are appearing despite many businesses spending highly on boosting their email security and cyber defences as a whole, showing how adaptable criminals have become in recent years.
“Adversaries are constantly evolving their techniques and changing their infrastructure to complicate detection, meaning that indicators of compromise (IOCs) can grow stale extremely quickly. For holistic defense, users need to be prepared to identify and report any threats that do reach their inbox,” said Aaron Higbee, Co-Founder and CTO, Cofense.
“Automated technical defense controls must be blended with a human element in today’s threat landscape. While timely threat intelligence helps head-off attacks and drown out the noise so that SOC teams can prioritize and focus on the most pernicious threats, Cofense is observing an ever-increasing surge of malicious emails that reach user inboxes daily. Once a message reaches an inbox, that end user is your last line of defense.”