Nearly half of threats blocked by Trend Micro in 2023 occurred via email
Hybrid work has become the norm in the corporate environment, and cybercrime is now taking advantage of blind spots in the built-in security of email services more than ever before. In 2023, the Trend Vision One™ – Email and Collaboration Security (also known as Cloud App Security), solution from Trend Micro, a world leader in cybersecurity solutions, discovered over 45 million high-risk email threats, in addition to those detected by Microsoft 365 and Google Workspace's built-in security.
The report shows that of the 45 million infected emails, more than 19 million were classified as Malware and 25.6 million contained malicious URLs, in addition to almost half a million BEC threats (from the English, Business Email Compromise). In this type of attack, the criminal sends a fake email pretending to be a high-ranking executive in the company in order to obtain the release of financial resources.
“Unfortunately, the built-in security of popular messaging services, such as Microsoft 365 and Google, simply cannot prevent malicious emails from infiltrating companies. Therefore, email security tools must be a vital part of companies’ cybersecurity strategy, acting as a second layer of defense capable of capturing highly complex and evasive threats,” highlights Cesar Candido, General Director of Trend Micro Brazil.
Analysis
The blocking of Trend Micro’s 19.1 million malware files in 2023 represents a 349% increase over 2022. The number of known malware threats also jumped to 16 million, indicating a massive growth of 3,079%. However, it is important to mention that the number of unknown malware files dropped to 3 million, which means a drop of 18%.
A measure implemented by Microsoft in mid-2022 continues to contribute to this decline in detections. At the time, Microsoft took action to prevent macro programs from running in Microsoft 365 documents, particularly those obtained from the web or attached via email. Over the past eight years, the predominant method of initial access for cybercriminals has been Microsoft 365 documents containing malicious macros, typically distributed to targets via email.
According to a report from security firm Egress, 94% of organizations fell victim to phishing attacks in 2023. This explains the 40% increase in phishing incidents compared to 2022, when Trend Micro detected and blocked more than 14 million such attacks.
Although researchers point to a decline in spam file attacks – 45% in 2023 – cybercriminals have been embedding phishing links in malicious attachments, rather than directly in the email body, as a form of obfuscation. Phishing attacks aimed at stealing information and data, also known as credential phishing, grew by 17% in 2023, with almost 7 million detections.
In total, more than 870,000 credential phishing links were discovered using Computer Vision, an image analysis and machine learning (ML) technology that detects credential phishing emails by scanning website content such as branding elements and login forms. The discoveries represent a whopping 263% increase from 2022.
CEO Fraud
Trend Micro's research area reported a 16% growth in BEC (corporate email compromise) attacks, also known as CEO Fraud, with a total of 446,234 blocks in 2023, which demonstrates that this type of tactic continues to be a profitable option.
With workforces flexible and operating in a hybrid model since the end of the pandemic, cybercriminals continue to evolve their tactics to exploit gaps in cloud security and weaknesses in the built-in security of email services.
To read more about the report, click ON HERE
EN 
PT 
