CyberSecurityBoard
Sponsor Register Login

Secure email gateways struggle to keep pace with sophisticated phishing campaigns

In 2023, malicious email threats bypassing secure email gateways increased by more than 100%, according to Cofense.
In just two years, Cofense identified over 1.5 million malicious emails bypassing their customers' SEGs, signaling a 37% increase in threats compared to 2022, and a staggering 310% increase over 2021.
To put this in context, the report highlights that Cofense detected at least one malicious email bypassing their customers' SEGs every 57 seconds.
With the increasing frequency and severity of email attacks, it is essential to train employees to identify and report malicious emails, while deploying solutions to identify and remediate threats that are actively bypassing SEGs.
The report points out that secure email gateways struggle to keep pace with sophisticated phishing campaigns and relying on 'good enough' email security is no longer an option for most enterprises.
The report highlights that email remains the primary attack vector for cybercrime, with 90% of data breaches originating from phishing attacks aimed at employees.
Secure email gateways are struggling to keep pace with the rapidly evolving nature of phishing campaigns, evidenced by a concerning 104.5% increase in the number of malicious emails bypassing SEGs in 2024.
Credential phishing, the preferred method of threat actors, also saw a staggering 67% increase in volume compared to the previous year.
In 2023 Cofense saw an increase in tactics like vishing, smishing, brand impersonation, and QR code phishing that bypass SEGs.
Cofense reported a 331% increase in QR code active threat reports last year.
Healthcare and finance remained the top targeted industries - Increases in malicious emails bypassing SEGs in those industries at 84.5% and 118%, respectively.
Brand impersonation and vishing campaigns are on the rise, with threat actors exploiting these tactics to deceive employees.
These attacks are efficient at bypassing SEGs, as they often lack attachments or obvious links.
A persistent threat throughout 2021 and 2022, Snake Keylogger remained a significant risk in 2023.
As we go into 2024, its ability to evade detection by antivirus software makes it a concerning threat to organizations.
A consistent threat, FormBook is an information-stealer malware focused on accessing sensitive information from infected systems.
Businesses are urged to proactively safeguard against this pervasive threat.
This malware is known to infect computer systems through malicious emails that trick unsuspecting users into opening it.
Cofense reports a 1,092% increase in Google AMP emails bypassing secure email gateways in the last six months of 2023.
BEC remains one of the most devastating cybercrimes, with scammers exploiting conversational-based phishing attacks.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Fri, 23 Feb 2024 05:13:07 +0000


Cyber News related to Secure email gateways struggle to keep pace with sophisticated phishing campaigns

Secure email gateways struggle to keep pace with sophisticated phishing campaigns - In 2023, malicious email threats bypassing secure email gateways increased by more than 100%, according to Cofense. In just two years, Cofense identified over 1.5 million malicious emails bypassing their customers' SEGs, signaling a 37% increase in ...
4 months ago Helpnetsecurity.com
Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
5 months ago Gbhackers.com
Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
5 months ago Techrepublic.com
Cybersecurity Awareness Campaigns in Education - Cybersecurity awareness campaigns in education are essential to protect digital systems and information. The target audience for cybersecurity awareness campaigns in education includes students, teachers, administrators, and other staff members. ...
6 months ago Securityzap.com
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
5 months ago Helpnetsecurity.com
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
1 year ago Trendmicro.com
Email Security Trends And Predictions in 2024 - One of the most critical aspects of this broad topic is email security. Email security refers to the collective measures used to secure the access and content of an email account or service. An email service provider implements email security to ...
7 months ago Cybersecuritynews.com
Safeguarding Data Exchange: A Comprehensive Overview of API Gateways and Their Imperative Role in Ensuring Robust Security - In today's interconnected digital landscape, the proliferation of Application Programming Interfaces has revolutionized the way systems communicate and exchange data. This underscores the pivotal role of API Gateways as the guardians of digital ...
7 months ago Feeds.dzone.com
Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks - A threat actor associated with Black Basta ransomware attacks has been wielding a new loader similar to the notoriously hard-to-kill Qakbot, in a widespread phishing campaign aimed at gaining entry to organization networks for further malicious ...
5 months ago Darkreading.com
Phishing Campaign Exploits Open Redirection Vulnerability In 'Indeed.com' - Phishing remains one of the most prevalent challenges facing organisations, with more than three billion malicious emails estimated to be sent around the world every day. Owing to the prevalence of the problem, Verizon's 2023 Data Breach ...
3 months ago Cyberdefensemagazine.com
One Phish, Two Phish, Red Phish, Blue Phish - I sat down for a chat with George Skouroupathis, our phishing expert at Resonance Security. Phishing is often the first step taken by hackers in a larger scam. There are lots of different kinds of phishing attacks, but one of the most prevalent is ...
1 month ago Hackread.com
The Future of Phishing Email Training for Employees in Cybersecurity - One common method they use is through phishing emails. To counter this changing threat, companies must give importance to providing phishing email training for employees on identifying and responding properly to phishing attempts. Standard training ...
1 month ago Hackread.com
Business Email Compromise Scams: Prevention and Response - We will also highlight red flags to watch out for in suspicious emails, emphasizing the importance of implementing robust email authentication methods and comprehensive employee training programs to enhance awareness and response capabilities. BEC ...
5 months ago Securityzap.com
Telegram is a Wide-Open Marketplace for Phishing Tools - The encrypted messaging app Telegram has become a veritable marketplace for bad actors who want to launch effective phishing campaigns on the cheap, essentially democratizing the cyberthreat, according to researchers at cybersecurity firm Guardio. ...
5 months ago Securityboulevard.com
Cybercriminals are utilizing a novel technique to send out their phishing scams - Cyber criminals are using specially crafted phishing emails to infect victims with malware, and they are doing so by trying out a new way of delivering the malicious payload. According to Proofpoint, there has been an increase in cyber attackers ...
1 year ago Zdnet.com
China-Sponsored Attackers Target 40K Corporate Users in 90 Days - Three novel credential-phishing campaigns have emerged from state-sponsored actors that have compromised at least 40,000 corporate users - including top-level executives - in just three months' time, researchers have found. The attacks target a range ...
1 week ago Darkreading.com
"Quishing" you a Happy Holiday Season - QR Code phishing scams - What they are and how to avoid them. Originally invented to keep track of car parts in the early 90s, QR codes have been around for decades. Quishing, or QR Code phishing, exploits smartphone users scanning the 2D barcode, ...
6 months ago Netcraft.com
Top Characteristics of a QR Code Phishing Email - As campaigns using QR codes grow in size and complexity it is important to track not just the QR codes themselves, but also the context of the emails delivering the QR codes. Others use images embedded in the email or QR codes rendered from external ...
7 months ago Securityboulevard.com
Security Boulevard - With the rising volume of fraudulent emails and AI-enhanced phishing scams, industry giants such as Google, Yahoo, and Microsoft have doubled their email security efforts. DMARC builds on two existing email authentication technologies: Sender Policy ...
5 months ago Securityboulevard.com
Essential Email and Internet Safety Tips for College Students - Your email is one of the most important digital assets and identities because it helps you create accounts on other platforms. Securing your email requires you to pay attention to your passwords, gadgets, and the links you engage with. The places you ...
5 months ago Securityboulevard.com
Hackers Stolen Over $58 Million Crypto Via Malicious Google Ads - Threat actors targeting crypto wallets for illicit transactions have been in practice for quite some time. Threat actors have been using Wallet Drainers for such cybercrime activities, which have seen great success in recent years. Several techniques ...
6 months ago Gbhackers.com
ACDS Unveils Tailored Email Security Essentials Package for SMBs to Protect from Malicious Communications - Email is the most common attack vector for cybercriminals, in fact the overwhelming majority of malware-related security incidents are delivered via email. It's no surprise that email security is at the forefront of many business leader's minds. In ...
6 months ago Itsecurityguru.org
ACDS Unveils Tailored Email Security Essentials Package for SMBs to Protect from Malicious Communications - Email is the most common attack vector for cybercriminals, in fact the overwhelming majority of malware-related security incidents are delivered via email. It's no surprise that email security is at the forefront of many business leader's minds. In ...
6 months ago Itsecurityguru.org
USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data - A new USPS Delivery Phishing Scam has surfaced, in which scammers are exploiting Freemium Dynamic DNS and SaaS Providers to steal victims' login credentials and other data. Cybersecurity researchers at Bloster AI have uncovered a new USPS Delivery ...
7 months ago Hackread.com
Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns - On January 3, 2024, Mandiant's X social media account was taken over and subsequently used to distribute links to a cryptocurrency drainer phishing page. The following blog post provides additional insight into the drainer leveraged in this campaign, ...
5 months ago Mandiant.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)