
These were some of the biggest email security threats of last year


Covid-19-themed email threats still dominate the email threat landscape, a new report from cybersecurity experts Trustwave says. These threats are often combined with malicious Office documents and compromised Office 365 accounts for maximum impact. 

According to the report, Microsoft Excel files were the single most common attachment type used by criminals last year, accounting for 39 percent of all malicious files shared (up from just seven percent a year prior). Of all those files, almost half (43 percent) used Excel 4.0 macros.

To distribute the malicious content, criminals often use compromised Google and Microsoft cloud-based email accounts, the report said. More than half of all Business Email Compromise (BEC) emails came from Gmail accounts.

Criminals prefer to “piggyback” on popular and free cloud-based services for two reasons: their popularity, and their accessibility and low cost.

“The bad guys don’t like to pay for infrastructure costs any more than the next guy!” said Phil Hay, Senior Research Manager, Email Security and Malware Analysis at Trustwave SpiderLabs, in his commentary on the report.

Besides Excel files, criminals have also started using novel file types such as the .jnlp attachment, the report further stated.

Looking at the threat landscape in general, one might think malware numbers were relatively low last year, as well as this year. Hay says that while on the surface that may appear to be the case, it’s actually a “return to more ‘normal’ levels of malware, percentage-wise”.

“The period from 2016-2018 was an abnormally high period of activity; the Necurs botnet, in particular, drove a massive number of spammed malware downloaders, leading to widespread ransomware and various other infections. It’s also worth noting the longer-term trend of lower spam volumes, fewer and smaller botnets, resulting in less volume of email-borne malware. That does not negate the fact that there are still operators disseminating their malware via email, so the threat remains very much alive, just on a slightly smaller scale,” he concluded.