Malware attacks on corporate inboxes

Corporate email addresses are 4.3 times more likely to receive malware compared to personal accounts, 6.2 times more likely to receive phishing lures, and 0.4 times less likely to receive spam.

These are statistics gathered by the Google Research team from analyzing over one billion emails that passed through Gmail, results that were presented yesterday at the RSA security conference in San Francisco.

The results of the study aren't that surprising, as corporate inboxes tend to contain more valuable information, which can be much more easily monetized on the Dark Web.

More surprising is that, out of all industry verticals, companies active in real estate were the most targeted with malware, receiving more malicious emails than businesses working in retail, IT, finance, insurance, and other more financially attractive domains.

Phishing trends

On the other hand, spam emails peddling products and services mostly targeted companies active in entertainment and IT, while phishing campaigns targeted the financial sector, the main target of most phishing attempts for the past few years.

Nonetheless, the financial sector has seen a decrease in the number of phishing attacks it received, according to a different report from PhishLabs. The report highlights a decline of phishing emails targeting the financial sector from a 38% share in 2013 to only 23% in 2016.

Further, the same PhishLabs report also highlights a growth of phishing sites in 2016, with the company detecting over 1 million phishing pages deployed across more than 170,000 different domains.

Overall, phishing attacks saw a 23% increase compared to phishing statistics in 2015, with new attacks focusing on other industry verticals, such as cloud and online services.

Here are some of the other PhishLabs findings, detailed in depth in the 2017 Phishing Trends & Intelligence Report:

  • Phishing volume grew by an average of more than 33% across the five most-targeted industries.
  • Attacks targeting government tax authorities have grown more than 300% since 2014.
  • There were more IRS phishing attacks in January 2016 than there were in all of 2015.
  • Cloud storage sites will likely overtake financial institutions as the top targets of phishing attacks.
  • In a deviation from prior years, phishing volume peaked mid-year due to the influence of major global events, such as Brexit.
  • The share of attacks against targets in the United States continues to grow, accounting for more than 81% of all phishing attacks.
  • Attacks on Canadian institutions grew 237%, more than any other country.
  • Although 59% of phishing sites were hosted in the United States, there was a significant increase in the number of phishing sites hosted in Eastern Europe.
  • Although the .COM top-level domain (TLD) was associated with more than half of all phishing sites in 2016, new generic TLDs are becoming a more popular option for phishing because they are low cost and can be used to create convincing phishing domains.
  • Of more than 29,000 phish kits collected, more than a third used techniques to evade detection.

Figure: Phishing attack trends across the globe (PhishLabs)

Both Google and PhishLabs experts expect to see a continuous rise in phishing attacks in the following year, as phishing still remains one of the simplest and most effective attacks to perform.

Google's RSA presentation ended with a positive tone, as the company announced that SMTP Strict Transport Security (SMTP STS), the HSTS equivalent for SMTP, is set to arrive in Gmail in the coming year.

Below are Google's slides from yesterday's presentation.