Email

Many organizations around the world are opting to pay ransoms to cybercriminals in order to buy back ownership of their data. But this can leave them open to further risk of attack.

Gerasim Hovhannisyan, CEO and co-founder of EasyDMARC, believes it's wrong to pay up and that it's better to establish good defenses. We spoke to him to find out why.

A new report shows a 121 percent increase in cybercriminals using legitimate websites to obfuscate malicious payloads.

The report from Egress, based on data from its Egress Defend cloud email security solution, shows YouTube, Amazon AWS, Google Docs, Firebase Storage, and DocuSign to be the top 10 most frequently used sites.

A new report has identified a 356 percent growth in the number of advanced phishing attacks attempted by threat actors in 2022.

The study from threat detection specialist Perception Point also shows that the overall number of attacks increased by 87 percent.

The latest spear phishing trends report from Barracuda Networks shows that 50 percent of organizations studied were victims of spear-phishing in 2022, with 24 percent having at least one email account compromised through account takeover.

The report draws on a data set that comprises 50 billion emails across 3.5 million mailboxes, including nearly 30 million spear-phishing emails, as well as a survey by Vanson Bourne of IT professionals from frontline to the most senior roles at 1,350 companies.

Online security and privacy can be difficult to achieve in a household environment, with different people using a range of devices. Proton, the company behind a number of privacy-focused services like Proton Mail and Proton VPN, may have the answer with the launch of a new family plan.

Proton Family offers an all-in-one digital security and privacy solution designed for families. The plan offers up to six family members access to Proton's premium services and features, including end-to-end encryption for emails, calendars, file storage, password management, and VPN protection.

The majority of organizations use six or more communication tools, across channels, with email being the single channel seen as the most vulnerable to attacks.

Of those responding to a new survey by Enterprise Strategy Group (ESG) and Armorblox of almost 500 IT and security professionals, 38 percent see email as the most vulnerable channel.

Last May, 21 percent of all HTML attachments scanned were malicious. Ten months on, that figure has more than doubled with 45.7 percent of scanned HTML files found to be malicious in March 2023.

This finding comes from the latest Threat Spotlight report from Barracuda Networks, which shows that not only is the overall volume of malicious HTML attachments increasing, they remain the file type most likely to be used for malicious purposes.

While email remains the most common path to target an organization, we're increasingly using other tools like Slack, Teams and Zoom too, so cybercriminals are steadily shifting their tactics and targeting these additional entry points across the enterprise.

AI-based email security platform Abnormal Security is launching a range of new additions to its product focused on expanding security detection for these collaboration tools.

'Graymail' refers to those emails that aren't quite spam but which aren't necessarily all that helpful either. Think things like newsletters, announcements, or advertisements that you may have opted into in the past but which have outlived their usefulness.

It presents a headache for security teams as it can be hard to distinguish from malicious content like reconnaissance attacks. Armorblox is launching a new product aimed at cutting the time security teams spend managing graymail and mitigating the security risks from malicious recon attacks.

Business Email Compromise attacks increased dramatically last year with a 72 percent rise year-on-year over 2021.

The 2023 Email Security Threat Report from Armorblox shows high volumes of language-based and socially engineered attacks targeting organizations of all sizes and across industries.

A couple of recent entries on the Microsoft 365 roadmap shed light on what is in store for Outlook. Over the coming weeks, Microsoft has big plans for both the mobile and desktop versions of its email client.

Starting this month, Outlook security is being boosted thanks to the arrival of built-in multi-factor authentication (MFA). And next month, a larger number of Windows users will have access to a preview version of a completely new Outlook app.

The threat of business email compromise (BEC) is growing year on year and is projected to be twice as high as the threat of phishing in general.

According to a new report from cloud email security platform IRONSCALES, over 93 percent of organizations have experienced one or more of the BEC attack variants in the previous 12 months, with 62 percent facing three or more attack variants.

Users of Microsoft's Outlook.com have been flooded with spam and phishing emails over a period of 12 hours. It seems that the message filters for the email service suffered an outage, resulting inboxes being overwhelmed with junk mail.

While Microsoft says that the issue has now been addressed, the company has provided very little in the way of explanation for what happened.

Since Microsoft began the default blocking of macros in documents sent over the internet there's been an increase in the use of HTML files to deliver malware.

Research by Trustwave Spiderlabs reveals a rise in so called 'HTML smuggling' using HTML5 attributes that can work offline by storing a binary in an immutable blob of data within JavaScript code. The embedded payload then gets decoded into a file object when opened via a web browser.

New research released today by Barracuda shows 75 percent of organizations surveyed have experienced a successful email-borne attack in the last 12 months.

What's more the study, carried out by Vanson Bourne, finds recovering from an email-borne security attack costs victims more than $1 million on average and 69 percent of those hit by ransomware say the attack started with an email.