Email threats still managing to evade defenses

Email attack

New research released today from Cyren shows that business email perimeter defenses are often incapable of preventing well-crafted email attacks.

During an average month, there are 75 malicious messages per 100 mailboxes that slip past email security filters like Microsoft 365 Defender. This means that an enterprise with 5,000 mailboxes would need to detect and respond to 3,750 confirmed malicious inbox threats each month.

The majority (79 percent) of these threats are phishing -- emails containing URLs to web content intended to harvest login credentials, personal information, or payment details. These can often be the prelude to other attacks like ransomware.


More than half (55 percent) of all phishing, impostor, and malware email attacks detected were received by more than one user. However, two thirds of email attacks were delivered to between one and 10 users suggesting the attacks were targeted. Such targeted or unique email threats are of course more difficult to block.

"Cybercriminals are specialized in email deliverability," says Mike Fleck, vice president of marketing at Cyren. "One of the ways that they do that, that I see very commonly, is they use legitimate services. So for example, they use the same email sending services that companies use to market their products. They're using things that aren't going to be blocked because their predominant use case is marketing emails from legitimate eCommerce sites."

The most frequent technique attackers use to evade detection is sending emails from a well-known webmail domain like These account for 32 percent of the evasion techniques used.

The research finds that automated detection models spotted 99 percent of the confirmed threats. Of the one percent that required manual analysis 41 percent were suspicious while 59 percent proved to be false negatives.

"The cliché is that humans are the weakest link," adds Fleck. "And it's so easy to say that I think this report says yes, humans are the weakest link, and the cybercriminals know that so they're going after your email to get their credentials."

The report concludes that organizations can greatly improve their ability to pre-empt attacks by optimizing their abilities to detect and quickly contain evasive phishing.

You can find out more on the Cyren site.

Image Credit: alphaspirit/

© 1998-2022 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.