AI emerges as new malware threat

The past year has seen changes in messaging-specific threats, the use of more sophisticated malware, and the potential abuse of emerging artificial intelligence technologies, all of which can inform future business protection strategies.

These are among the findings from Trend Micro’s 2019 Cloud App Security Roadmap.

In 2019, Trend Micro blocked 12,7-million high-risk email threats for customers leveraging cloud-based email services from Microsoft and Google. This second layer of defence caught threats beyond those detected by the cloud email services’ built-in security.

“Organisations are leveraging the power of SaaS-based applications in greater numbers to drive productivity, cost savings and growth. However, in doing so they may be opening themselves up to risk if they only rely on built-in security,” says Indi Siriniwasa, vice-president for sub-Saharan Africa at Trend Micro.

“As our report shows, built-in security is not enough on its own to stop today’s cybercriminals. Businesses must take ownership of cloud protection and find a multi-layered third-party solution to enhance their platform’s native security functionality.”

More than 11-million of the high-risk emails blocked in 2019 were phishing related, making up 89% of all blocked emails. Of these, Trend Micro detected 35% more credential phishing attempts than in 2018.

Additionally, the number of unknown phishing links in such attacks jumped from just 9% of the total to more than 44% in 2019. This may demonstrate that scammers are registering new sites to avoid detection.

The report also shows that criminals are getting better at tricking the first layer of defence against Business Email Compromise (BEC) attacks, which typically looks at attacker behaviours and intention analysis of the email content. The percentage of BEC attacks caught by AI-powered authorship analysis increased from 7% in 2018 to 21% in 2019.

Emerging phishing techniques outlined in the report include the increasing use of HTTPS and targeting Office 365 administrator accounts. This enables malicious hackers to hijack all connected accounts on the targeted domain and use them to send malware, launch convincing BEC attacks and more. To this end, Trend Micro blocked nearly 400 000 attempted BEC attacks, which is 271% more than in 2018.

In the face of such threats, Trend Micro recommends that organisations take the following mitigation steps:

* Move away from a single gateway to a multi-layered cloud app security solution.

* Consider sandbox malware analysis, document exploit detection, and file, email, and web reputation technologies to detect malware hidden in Office 365 and PDF documents.

* Enforce consistent data loss prevention (DLP) policies across cloud email and collaboration apps.

* Choose a security partner that can offer seamless integration into their cloud platforms, preserving user and admin functions.

* Develop comprehensive end-user awareness and training programmes.

The report’s findings were based on data generated by Trend Micro Cloud App Security.