CyberSecurityBoard
Sponsor Register Login

Secure email gateways struggle to keep pace with sophisticated phishing campaigns

In 2023, malicious email threats bypassing secure email gateways increased by more than 100%, according to Cofense.
In just two years, Cofense identified over 1.5 million malicious emails bypassing their customers' SEGs, signaling a 37% increase in threats compared to 2022, and a staggering 310% increase over 2021.
To put this in context, the report highlights that Cofense detected at least one malicious email bypassing their customers' SEGs every 57 seconds.
With the increasing frequency and severity of email attacks, it is essential to train employees to identify and report malicious emails, while deploying solutions to identify and remediate threats that are actively bypassing SEGs.
The report points out that secure email gateways struggle to keep pace with sophisticated phishing campaigns and relying on 'good enough' email security is no longer an option for most enterprises.
The report highlights that email remains the primary attack vector for cybercrime, with 90% of data breaches originating from phishing attacks aimed at employees.
Secure email gateways are struggling to keep pace with the rapidly evolving nature of phishing campaigns, evidenced by a concerning 104.5% increase in the number of malicious emails bypassing SEGs in 2024.
Credential phishing, the preferred method of threat actors, also saw a staggering 67% increase in volume compared to the previous year.
In 2023 Cofense saw an increase in tactics like vishing, smishing, brand impersonation, and QR code phishing that bypass SEGs.
Cofense reported a 331% increase in QR code active threat reports last year.
Healthcare and finance remained the top targeted industries - Increases in malicious emails bypassing SEGs in those industries at 84.5% and 118%, respectively.
Brand impersonation and vishing campaigns are on the rise, with threat actors exploiting these tactics to deceive employees.
These attacks are efficient at bypassing SEGs, as they often lack attachments or obvious links.
A persistent threat throughout 2021 and 2022, Snake Keylogger remained a significant risk in 2023.
As we go into 2024, its ability to evade detection by antivirus software makes it a concerning threat to organizations.
A consistent threat, FormBook is an information-stealer malware focused on accessing sensitive information from infected systems.
Businesses are urged to proactively safeguard against this pervasive threat.
This malware is known to infect computer systems through malicious emails that trick unsuspecting users into opening it.
Cofense reports a 1,092% increase in Google AMP emails bypassing secure email gateways in the last six months of 2023.
BEC remains one of the most devastating cybercrimes, with scammers exploiting conversational-based phishing attacks.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Fri, 23 Feb 2024 05:13:07 +0000


Cyber News related to Secure email gateways struggle to keep pace with sophisticated phishing campaigns

10 Best Anti-Phishing Tools in 2025 - What is Good?What Could Be Better?Real-time email threat detection and response using AI and machine learning.Limited customer support optionsAutomates incident response to stop phishing attacks quickly.The training module is not entirely ...
6 months ago Cybersecuritynews.com
Secure email gateways struggle to keep pace with sophisticated phishing campaigns - In 2023, malicious email threats bypassing secure email gateways increased by more than 100%, according to Cofense. In just two years, Cofense identified over 1.5 million malicious emails bypassing their customers' SEGs, signaling a 37% increase in ...
1 year ago Helpnetsecurity.com
10 Best Email Security Gateways in 2025 - Barracuda Email Security Gateway is a solution that helps protect organizations from email-borne threats such as spam, viruses, phishing, and other malicious content. It uses various methods, including filtering, encryption, and sandboxing, to ...
11 months ago Cybersecuritynews.com
The 6 Best Email Security Software & Tools of 2024 - To guarantee full protection against email threats, important features to consider when picking an email security solution include email filtering and spam detection, sandboxing, mobile support, advanced machine learning, and data loss prevention. ...
1 year ago Esecurityplanet.com
Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
2 years ago Techrepublic.com
Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
2 years ago Gbhackers.com
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
2 years ago Helpnetsecurity.com
Email Security Trends And Predictions in 2024 - One of the most critical aspects of this broad topic is email security. Email security refers to the collective measures used to secure the access and content of an email account or service. An email service provider implements email security to ...
2 years ago Cybersecuritynews.com
Phishing kits now vet victims in real-time before stealing credentials - Even if they were allowed to use the real target's address, the analysts comment that some campaigns go a step further, sending a validation code or link to the victim's inbox after they enter a valid email on the phishing page. However, with this ...
10 months ago Bleepingcomputer.com
Cybersecurity Awareness Campaigns in Education - Cybersecurity awareness campaigns in education are essential to protect digital systems and information. The target audience for cybersecurity awareness campaigns in education includes students, teachers, administrators, and other staff members. ...
2 years ago Securityzap.com
Safeguarding Data Exchange: A Comprehensive Overview of API Gateways and Their Imperative Role in Ensuring Robust Security - In today's interconnected digital landscape, the proliferation of Application Programming Interfaces has revolutionized the way systems communicate and exchange data. This underscores the pivotal role of API Gateways as the guardians of digital ...
2 years ago Feeds.dzone.com
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
3 years ago Trendmicro.com
AI-Powered Phishing Detection - Does It Actually Work? - Unlike traditional methods that rely on identifying known threats, AI-powered systems analyze patterns and behaviors to detect anomalies indicative of phishing attempts. The rise of artificial intelligence (AI) has brought new hope to combating these ...
9 months ago Cybersecuritynews.com
Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks - A threat actor associated with Black Basta ransomware attacks has been wielding a new loader similar to the notoriously hard-to-kill Qakbot, in a widespread phishing campaign aimed at gaining entry to organization networks for further malicious ...
2 years ago Darkreading.com Black Basta
Business Email Compromise Scams: Prevention and Response - We will also highlight red flags to watch out for in suspicious emails, emphasizing the importance of implementing robust email authentication methods and comprehensive employee training programs to enhance awareness and response capabilities. BEC ...
2 years ago Securityzap.com
One Phish, Two Phish, Red Phish, Blue Phish - I sat down for a chat with George Skouroupathis, our phishing expert at Resonance Security. Phishing is often the first step taken by hackers in a larger scam. There are lots of different kinds of phishing attacks, but one of the most prevalent is ...
1 year ago Hackread.com
The Future of Phishing Email Training for Employees in Cybersecurity - One common method they use is through phishing emails. To counter this changing threat, companies must give importance to providing phishing email training for employees on identifying and responding properly to phishing attempts. Standard training ...
1 year ago Hackread.com
Phishing Campaign Exploits Open Redirection Vulnerability In 'Indeed.com' - Phishing remains one of the most prevalent challenges facing organisations, with more than three billion malicious emails estimated to be sent around the world every day. Owing to the prevalence of the problem, Verizon's 2023 Data Breach ...
1 year ago Cyberdefensemagazine.com
CISA Adds Actively Exploits Ivanti Connect Secure Vulnerability in Known Exploited Catalog - If no compromise is detected, conduct a factory reset with a clean image for cloud/virtual systems, apply patches per Ivanti’s advisory (Connect Secure 22.7R2.6; Policy Secure and ZTA Gateways patches due April 21 and 19), monitor authentication ...
10 months ago Cybersecuritynews.com CVE-2025-22457
Telegram is a Wide-Open Marketplace for Phishing Tools - The encrypted messaging app Telegram has become a veritable marketplace for bad actors who want to launch effective phishing campaigns on the cheap, essentially democratizing the cyberthreat, according to researchers at cybersecurity firm Guardio. ...
2 years ago Securityboulevard.com
Essential Email and Internet Safety Tips for College Students - Your email is one of the most important digital assets and identities because it helps you create accounts on other platforms. Securing your email requires you to pay attention to your passwords, gadgets, and the links you engage with. The places you ...
2 years ago Securityboulevard.com
Security Boulevard - With the rising volume of fraudulent emails and AI-enhanced phishing scams, industry giants such as Google, Yahoo, and Microsoft have doubled their email security efforts. DMARC builds on two existing email authentication technologies: Sender Policy ...
2 years ago Securityboulevard.com
Spotting Phishing Attacks with Image Verification Techniques - Phishing refers to the tactic used by scammers who impersonate reputable brands and lure victims to click on suspicious links so that they can breach the privacy and sensitive data of individuals. You can call image-based phishing a relatively ...
9 months ago Cybersecuritynews.com
"Quishing" you a Happy Holiday Season - QR Code phishing scams - What they are and how to avoid them. Originally invented to keep track of car parts in the early 90s, QR codes have been around for decades. Quishing, or QR Code phishing, exploits smartphone users scanning the 2D barcode, ...
2 years ago Netcraft.com
How Businesses Prevent Credential Theft with Early Phishing Detection - By offering real-time, hands-on analysis, sandboxes give businesses the tools they need to stay one step ahead of evolving phishing attacks. Sandboxes like ANY.RUN offer real-time analysis, complete attack visibility, and tools that empower ...
6 months ago Cybersecuritynews.com

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)