New research from the security firm FireEye has revealed that two thirds of email traffic sent during the first half of 2018 was not considered 'clean' as many emails contained malware-less attacks.
The company's latest Email Threat Report also found that 1 in every 101 emails had malicious intent highlighting the recent increase in email-based threats.
Vice President of email security at FireEye, Ken Bagnall provided further insight on the results of the report, saying:
“Not only is email the most pervasive form of communication, it is also the most popular vector for cyberattacks. This makes email the biggest vulnerability for every organization. From malware to malware-less attacks including impersonation attacks like CEO fraud, a single malicious email can cause significant brand damage and financial losses. By choosing an email security solution with features based on real-time knowledge gained from the frontlines, and by teaching users to always ensure they are communicating with who they think they are, organizations can better defend against attacks.”
As email security solutions have improved at detecting malware, cybercriminals have begun to adapt their attacks and use malware-less assaults such as CEO fraud to target organisations. According to FireEye, the majority of attacks blocked (90%) during the first half of 2018 were malware-less with phishing attacks making up 81 per cent of the blocked malware-less emails.
FireEye also found that attack methods often correlated with the days of the week with Mondays and Wednesdays being popular days for malware-based attacks, malware-less attacks were most likely to occur on a Thursday and impersonation attacks were most likely to fall on a Friday.
Image Credit: Evannovostro / Shutterstock