Tessian | New Data Finds Employees in Retail Industry Most Targeted by Malicious Emails


New Tessian report reveals how 2 million emails, flagged as malicious, bypassed conventional email defenses in 12 months and explains the top phishing tactics used by cybercriminals

SAN FRANCISCO. September 21, 2021 – Two million malicious emails bypassed conventional email defenses, like secure email gateways, between July 2020 and July 2021, according to a new report from Human Layer Security company Tessian. These emails were flagged as malicious by inbound email security software Tessian Defender and analyzed by Tessian researchers to reveal the tactics cybercriminals use to carry out advanced spear phishing attacks that bypass defenses.

Tessian State of Spear Phishing Report

Who’s being targeted and how?
The retail industry was targeted most often during this period, with the average employee in this sector receiving 49 malicious emails a year. This is significantly higher than the overall average of 14 emails detected per user, per year. Employees in the manufacturing industry were also identified as major targets, with the average worker receiving 31 malicious emails a year.

To evade detection and trick employees, attackers used impersonation techniques. The most common tactic was display name spoofing (19%), whereby the attacker changes the sender’s name and disguises themselves as someone the target recognizes. Domain impersonation, whereby the attacker sets up an email address that looks like a legitimate one, was used in 11% of threats detected by Tessian. These subtle nuances in the email domain aren’t always easy to spot.

The brands most likely to be impersonated in the emails detected between July 2020 and July 2021 were Microsoft, ADP, Amazon, Adobe Sign and Zoom – the latter likely spurred on by the shift to remote working.

Account takeover attacks were also identified as a major threat, an attack vector that, on average, costs businesses $12,000. In this case, the malicious emails come from a trusted vendor or supplier’s legitimate email address, and likely won’t be flagged by a secure email gateway as suspicious. Tessian data found that account takeover comprised 2% of malicious emails analyzed, and the legal and financial services industries were targeted most by this type of attack.

What’s the motive?
While emails containing attachments were once a popular “spray and pray” method to trick people into downloading malware, Tessian found that less than one-quarter (24%) of the emails flagged contained an attachment. In addition, 12% of malicious emails contained neither a URL nor a file – a sign that attackers are moving away from using typical indicators of an attack. Links, however, do still prove to be a popular and effective payload, with almost half (44%) of malicious emails containing a URL.

While credential theft is growing in popularity among cybercriminals today, Tessian found more keywords related to “wire transfers” than “credentials” in its analysis. This suggests that the motive behind these attacks is still largely focused on financial gain.

When are people most vulnerable?
Most malicious emails were delivered around 2 p.m. and 6 p.m. in the hopes that a phishing email, sent during the late afternoon, will slip past a tired or distracted employee. Attackers also capitalized on specific times of the year. Tessian found the biggest spike in malicious emails immediately before and following Black Friday, a time when many people expect to receive a surge of emails touting deals and attackers can leverage the “too-good-to-be-true” deals and use them as lures in their scams.

“Gone are the days of the bulk spam and phishing attacks, and here to stay is the highly targeted spear phishing email. Why? Because they reap the biggest rewards,” said Josh Yavor, Tessian’s Chief Information Security Officer.

“The problem is that these types of attacks are evolving every day. Cybercriminals are always finding ways to bypass detection and reach employees’ inboxes, leaving people as organizations’ last line of defense. It’s completely unreasonable to expect every employee to identify every sophisticated phishing attack and not fall for them. Even with training, people will make mistakes or be tricked. Businesses need a more advanced approach to email security to stop the threats that are getting through – the attacks that are causing the most damage – because it’s not enough to rely on your people 100% of the time.”

Read the full report here: https://www.tessian.com/research/spear-phishing-threat-landscape/?utm_medium=online&utm_source=pr or learn more about Tessian Defender by visiting www.tessian.com

— ENDS —

About the Research
Tessian researchers analyzed the emails flagged by its inbound email security solution, Tessian Defender, between July 2020 and July 2021.

About Tessian
Tessian’s mission is to secure the human layer by empowering people to do their best work, without security getting in their way. Using machine learning technology, Tessian automatically predicts and eliminates advanced threats on email caused by human error – like data exfiltration, accidental data loss, business email compromise and phishing attacks – with minimal disruption to employees’ workflow. Founded in 2013, Tessian is backed by renowned investors like Sequoia, Accel, March Capital and Balderton Capital.

Press contact
Laura Brooks | Tessian
[email protected]

