Everyone knows just how harmful emails that have ransomware and viruses are. However, recent developments have revealed dangerous emails that are malware-free. Emails no longer need to contain malware before they wreak havoc on the receivers. In its 2018 half year Email Threat Report made available on 12 September, FireEye released what can be called a shocker news. It disclosed that the majority of the email it analyzed were full of potentially harmful contents.
For this analysis, FireEye examined 500 million emails beginning from January to June this year. Out of this figure, just about 32% were certified “clean” by FireEye. As such, the emails were allowed to be sent to the receiver end.
But it should be noted that the fact that an email is not certified “clean” does not mean its content is malicious. FireEye says that just one out of every 101 emails was established to contain malicious contents . FireEye email security’s Vice President, Ken Bagnall wrote in a statement thus:
Not only is email the most pervasive form of communication, it is also the most popular vector for cyber-attacks. This makes email the biggest vulnerability for every organization.
This position by Bagnall is corroborated by data from FireEye itself. This data amazingly reveals that not less than 91% of cyber-attacks come from emails.
In determining which email content is clean or not, FireEye ensured that a parameter for determining content level and connections. At the level of connection, 58% of emails were blocked. These emails were blocked simply because of an identified abnormal traffic relating to the database of malicious IP addresses and registered malicious domains.
When it got to the content level, emails amounting to 10% of the total were blocked. The reason is that it was found to contain malicious attachments, impersonation, and even malware URLs.
One of the identified impersonations in emails is Business Email Compromise (BEC). It is an attack from an email that tricks an organization into fraudulently paying for an invoice. FBI recently released a report saying that about &12.5 billion has been lost globally beginning from October 2013.
This kind of attack (BEC and impersonation) belong to the category of attacks FireEye calls malware-less. The reason is obvious – the emails do not contain any executable virus that directly contributes to the attack. The report says that 90% of the total email attacks that FireEye blocked in the first half of 2018 are malware-less. It’s just about 10% of the emails blocked that have viruses, ransomware or spyware.
While analyzing what constitutes malware-less email attack, it was reported by FireEye that 81% of the malware-less emails that were blocked were phishing attacks. Only 19% are impersonation attacks.
Granted, there is no time that email attacks cannot be sent. However, FireEye has discovered a unique trend for the timing of the attack.
Its report revealed that impersonation attacks are most common on Fridays. Other malware-less attacks according to FireEye are most rampant on Thursday. Whereas, the other emails containing viruses or other malicious contents are most common on Monday and Wednesday.