"Cloud Email Threats Soar 101% in a Year"

The number of email-borne cyber threats blocked by Trend Micro surged by triple digits last year, highlighting the continued risk from conventional attack vectors.  Trend Micro stopped over 33.6 million such threats reaching customers via cloud-based email in 2021, a 101% increase.  This included 16.5 million phishing emails, a 138% year-on-year increase, of which 6.5 million were credential phishing attempts.  The company also blocked 3.3 million malicious files in cloud-based emails, including a 134% increase in known threats and a 221% increase in unknown malware.  These findings come just as Proofpoint warned in a new report of the continued dangers posed by social engineering and the mistaken assumptions many users make.  Proofpoint noted that many users do not realize that threat actors may spend a lot of time and effort building a rapport over email with their victims, especially if they are trying to conduct a business email compromise (BEC) attack.  Adversaries may also abuse legitimate services from Google, Microsoft, and other sources to host and distribute malware and credential harvesting portals.  Proofpoint noted that OneDrive is the most frequently used, followed by Google Drive, Dropbox, Discord, Firebase, and SendGrid.  Proofpoint also warned of a surge in “telephone-oriented attack delivery (TOAD),” which the company claimed to see at least 250,000 times daily.

Infosecurity reports: "Cloud Email Threats Soar 101% in a Year"