10/14/2021 | News release | Archived content
This blog is part of our monthly blog series analyzing incident response data from Cyren threat researchers and Cyren security clouds including Cyren Inbox Security.
October is Cybersecurity Awareness Month, and the theme for the week of October 11 is Phight the Phish. Below are some statistics about that "Phight" and what organizations can do to detect and contain phishing threats that evade detection by Secure Email Gateways and Microsoft Defender for Office 365. Please see proven security tips throughout the blog.
Summary Statistics
In September, Cyren detected nearly 43,000 confirmed email threats. Adjusting for changes in the volume of email traffic, this number reflects an 18% increase in malicious activity over August. The key takeaways include:
Phight the Phish Tip: PDF and .zip files are the most common files associated with malicious attachments and URLs. Be especially cautious before opening or downloading these file types.
Figure 1 - Threats by type (excluding a large university)
Phight the Phish Tip: Apply multiple best of breed detection capabilities beyond the gateway. A combination of machine learning, natural language processing, heuristics and computer vision are required to detect zero-day and evasive email threats in real-time.
This month, there are two attacks of note because they share similar tactics:
Cyren detected the first attack on September 20, 2021. This attack included 353 incidents across 5 customers.
Figure 2 - Fake Microsoft Teams notification
The second attack occurred from Sept 27, 2021 into early October. Cybercriminals sent 848 malicious emails to 7 different organizations.
Figure 3 - Fake Microsoft SharePoint notification
Phight the Phish Tip: If you must act on a notification, go to the platform and review the notifications there instead of clicking links in emails.