It’s that time of year when we make our predictions about the biggest email threats that will emerge in the coming year. Vade Secure’s experts weigh in on the email threats that will have the biggest impact on businesses in 2020.
1. Business email compromise (BEC) will wreak havoc on businesses
“I still believe BEC (spear phishing) is the main threat on the corporate market,” says Sebastien Goutal, chief scientist at Vade Secure. According to the FBI, BEC attacks increased 100 percent between May 2018 and October 2019, with businesses reporting $1.2 billion in losses in 2018 and $26 billion since 2016.
Most spear phishing emails detected by Vade start out with pretexting, such as “Hello, are you available?” Because of the lack of content and the brevity of the email, the threat often goes undetected by email filters using text content analysis.
To make things worse, Goutal says, “some vendors whitelist the email as soon as the recipient responds to it.” This essentially makes the cybercriminal a trusted sender who can continue the exchange with the victim.
Additionally, Goutal says, BEC will increase in sophistication with the help of deep learning, including text-to-speech algorithms that can mimic voices. Hackers, Goutal says, will continue to use this technology to create robocalls, voicemail spam, and even personalized voicemails mimicking CEOs and other senior staff.
2. Sextortion will reemerge, with new ammunition
We’re already seeing a resurgence of sextortion emails, and it will only get worse in 2020. Not only will it make a comeback, but sextortion will be successful due to a variety of new techniques.
One trend that is growing is the image-as-text sextortion email, says Adrien Gendre, chief solution architect at Vade Secure. To bypass an email security filter, a hacker will insert a screenshot of an email in the email body. The screenshot is hosted on a website and therefore does not include content that can be scanned by a filter.
This technique, Gendre says, will emerge not only as a top technique used in sextortion emails but also one of the most difficult to detect because many filters cannot view and interpret images.
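A filter that cannot read images can still notice the shape of such a message: a rendered body that is little more than a remotely hosted picture. The sketch below is an added example, not Vade Secure's detection logic; the function name, the 20-word threshold, and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

class BodyScan(HTMLParser):
    """Collects visible text and remotely hosted <img> sources."""
    def __init__(self):
        super().__init__()
        self.text, self.remote_imgs, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
        elif tag == "img":
            a = dict(attrs)
            if (a.get("src") or "").lower().startswith(("http://", "https://")):
                self.remote_imgs.append(a["src"])
            self.text.append(a.get("alt") or "")  # alt text is scannable too

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1

    def handle_data(self, data):
        if not self.skip:
            self.text.append(data)

def image_as_text_verdict(raw_message, min_words=20):
    """Return (flagged, visible_word_count, remote_image_urls)."""
    msg = message_from_string(raw_message, policy=policy.default)
    scan = BodyScan()
    for part in msg.walk():
        if part.get_content_type() == "text/html" and \
                part.get_content_disposition() != "attachment":
            scan.feed(part.get_content())
    words = len(re.findall(r"\w+", " ".join(scan.text)))
    # Flag: the rendered body is a hosted picture with almost no text around it.
    return bool(scan.remote_imgs) and words < min_words, words, scan.remote_imgs

# Constructed samples; example.test is a placeholder host.
IMAGE_ONLY = (
    "From: a@example.test\nTo: b@example.test\nSubject: hi\n"
    "MIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
    '<html><body><img src="https://img.example.test/m.png"></body></html>\n'
)
NEWSLETTER = IMAGE_ONLY.replace("<body>", "<body><p>" + "word " * 30 + "</p>")

if __name__ == "__main__":
    print(image_as_text_verdict(IMAGE_ONLY))
    print(image_as_text_verdict(NEWSLETTER))
```

Legitimate image-only mail will also trip this check, so the result works better as a signal to route the image to OCR or visual analysis than as a block decision.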
Another technique that will grow, says Goutal, is hiding malicious content in PDF or Microsoft Office files, and taking advantage of the attachment preview feature in email software such as Apple Mail. There was a recent sextortion campaign where the text was stored in a PDF attachment but was directly visible to the end user—thanks to the attachment preview feature. As the format of PDF and Office files is particularly complex, many email filters do not have the ability to extract and block malicious content in PDF and Office files.
Additionally, Goutal says data leaks will give hackers new ammunition to convince victims that their computers are infected with malware. Armed with passwords leaked on the internet, a hacker need only mention a victim’s password to induce panic and encourage cooperation with the sextortion demand.
3. Phishing links will find a new home in file-hosting services
The past year has seen an influx of phishing campaigns that include phony file-sharing notifications from OneDrive and SharePoint. In some attacks, the OneDrive and SharePoint URLs lead to phishing pages. But in advanced attacks, hackers use legitimate OneDrive and SharePoint URLs and place the phishing links in real files to evade URL scanning technology.
This technique, says Goutal, is spreading to other hosting services, including Dropbox, Google, WeTransfer, and Evernote. “Hosting malware on these types of services is a trend that is slowly growing,” says Goutal, “and it’s not going to slow down.”
Here’s how the scam would work: you receive an email alerting you that a colleague has shared an Evernote note with you. The email links to an Evernote note, and that note contains either a link to a phishing site or a link that automatically downloads malware when clicked.
For now, these file-sharing notifications are fake, but, Gendre says, we could see legitimate notifications in the near future.
4. The data deluge of 2019 will have big consequences in 2020
According to Risk Based Security, there were more than 5,183 data breaches reported in the first nine months of 2019, a 33 percent increase from the previous year. In total, 7.9 billion records were exposed. Many of these records, including troves of usernames and passwords, were stolen through phishing campaigns and are for sale on the black market.
According to Sebastien Gest, tech evangelist at Vade Secure, those exposed records will give hackers everything they need to improve their email campaigns. And, he says, data contained in user profiles are just as valuable as personally identifiable information like usernames and passwords.
“Hackers will begin creating a virtual profile of victims,” Gest says. “With profile data, a hacker can determine your hobbies, political affiliation, purchasing habits, and much more.” A virtual profile enables hackers to create more targeted email campaigns, which have a much higher success rate than high-volume, generic phishing campaign blasts, Gest says.
We’ve seen the consequences of data leaks already with sextortion emails that flaunt exposed user passwords. We expect to see more of it in highly targeted phishing and spear phishing campaigns, as well as various forms of blackmail. “The consequences of phishing in 2019,” says Gendre, “will be felt in 2020.”
5. Multiphase attacks will mix email formats and attack types
In early 2019, we noted the emergence of multiphase attacks targeting Office 365 users. What begins with a phishing attack evolves into spear phishing once a hacker has successfully gained access to an Office 365 account.
A common method of attacking subcontractors, multiphase attacks were especially hard on MSPs in 2019, resulting in a number of high-profile ransomware attacks on government agencies and healthcare organizations. Many of the affected organizations reported that the ransomware was delivered via phishing emails.
We expect to see more of this in 2020, Gendre says, but multiphase attacks will grow in sophistication, with a mixture of phishing, spear phishing, ransomware, and possibly blackmail.
6. Phishing attacks will drive disinformation in the upcoming election
Social media is being blamed for much of the disinformation being distributed around the world, but, Gendre says, the dangers of phishing shouldn’t be overlooked. The impact of the breach of the Democratic National Committee (DNC) in 2016, for example, is still being felt today. The breach was a direct result of a phishing email, but that fact has been lost among the thousands of other headlines that continue to bombard citizens today.
“Everything stems from phishing attacks,” Gendre says. “First you infect,” he says, “then you sit back and listen.” Such attacks, he says, will be used to drive political strategies, undermine opponents and, ultimately, influence voters. Between social media, foreign disinformation campaigns, and hackers, it will be difficult to know what’s real and what isn’t, and whom, if anyone, we should trust.