2021 in Email Security: News Round-Up

According to an article in Infosecurity Magazine, cybercrime costs businesses about $1.79 million per minute. No doubt, this number is growing, and the most vulnerable point continues to be email cyber security.

While email security companies create products and services for more sophisticated protection levels, hackers continue to find and exploit vulnerabilities.

We’ve decided to look back at 2021 and collect the most significant attacks, news stories, and developments in a brief year-end recap.

Ransomware Attacks Impact Non-IT Industries

When we talk about cybersecurity, we might give way to the fallacy that only IT companies become prey to social engineering and ransomware attacks. For example, it seems counterintuitive to put the words “email cyber security failure” and “fuel shortages” in one sentence.

Still, we’re in an era where other industries and ecosystems have become dependent on cybersecurity, good password hygiene, and cyberattack awareness. Governments, infrastructure providers, public organizations, and private companies possess large databases and are all vulnerable to cyberattacks.

Here are a few news stories to make headlines during 2021:

Colonial Pipeline Complete Shutdown

No matter the size of the organization, enforcing guidelines for secure use of email and password hygiene should be a priority. A single leaked password led to hackers accessing the Colonial Pipeline network and holding the system hostage for over five days.

The senior vice president of Mandiant, the security firm tasked to disseminate the situation, mentions that the leak happened when an employee used a VPN account to access company networks remotely. 

While the login credentials to the account were found in a leaked database on the dark web, the exact way hackers obtained it isn’t clear and might never be revealed.

Colonial Pipeline had to pay a ransom of $4.4 million to recover 100 GB of stolen data.

ACER Hit By the Largest-Known Ransom Demand

In March 2021, the Taiwanese computer manufacturer, ACER, was hit by a $50 million ransom demand. The attack was carried out by the REvil hacker group, who allegedly accessed ACER’s system via a Microsoft Exchange server vulnerability.

The attackers proposed a deadline for the ransom payment. If not paid in time, the ransom was going to double.

The locked and leaked files included documents and spreadsheets of a sensitive financial nature.

Other ransomware attacks of 2021 covered industries like food processing (JBS America), sports (NBA), insurance (AXA), chemical distribution (Brenntag), and many more.

These incidents highlight a few things non-IT companies need to face future threats:

• Corporations should continually strengthen their cybersecurity practices
• All employees need to use two-factor authentication, especially on work accounts
• Keeping good password hygiene should be a top priority for everybody
• Companies should enforce routine password change procedures

Holiday Scams Rise Yet Again

Whether it’s Thanksgiving, Black Friday, or Christmas, hackers try getting the most out of the holidays. People feel more generous and laid back. They lose alertness while buying gifts, and it’s easier to catch them on the hook with phishing emails or other social engineering scams. 

This is why the focus on email cyber security grows around the festive time of the year.

Some tactics that might not work during the year are more relevant during holidays. Here are a few examples:

• Fake charities
• Gift exchanges on social media
• Free holiday apps and gift cards
• Holiday jobs
• Compromised account alerts
• Attacks on ATMs

These work well because they leverage the most crucial points: time scarcity, lack of monitoring at companies during the holidays, and loss of alertness among the general public.

The Amazon impersonation scam was one of the latest and greatest holiday season traps for unsuspecting online shoppers. The victims received phishing emails and unsolicited calls from third parties, mentioning that a problem occurred, and customers must tend to it at once. Furthermore, they’d request a payment or account information to solve it.

According to the U. S. Federal Trade Commission (FTC), Amazon is on the top of the list of impersonated businesses, by far exceeding the impersonation percentage of Apple.

COVID-19 Pandemic-Related Scams

While the Coronavirus isn’t news anymore, it keeps making headlines not only in terms of vaccines and new variants but also in the field of cybersecurity. Email security companies received scam alerts connected with increased phishing attempts.

According to a Washington Post article, phishing emails spiked around June, which coincided with the spread of the “delta variant.” Uncertainty is always a breeding ground for criminals. Such was the confusion around receiving a vaccine and reporting it to the company HR. Employees would get emails:

• Asking for proof of vaccination
• Stating that the employee has been let go
• From fake healthcare organizations laying out virus treatment and precaution methods

Not only did the scam attempts increase, but people also started falling for them more often. This might have to do with more people working from home. Still, the hackers are also more inventive and believable when it comes to phishing email topics.

The UK National Cyber Security Center reports that vaccine manufacturers and distributors are another target group for COVID-19-related scams. 

iOS 15 Privacy Features Impact Email

Privacy has long been a number one priority for Apple. However, in 2021, the company had a hard time with a few privacy and security issues. It received the most backlash for the Israeli Pegasus virus that reportedly found a way into Apple devices. Although the company released an emergency patch, this incident made history.

In an attempt to combat child exploitation, the giant prepared to release a feature that would scan devices for any images containing youth workers. This created more controversy among security experts and critics.

Still, not everything is dire at Apple. iOS 15 has been a hit in user privacy protection. While some of its features created turmoil among email marketing experts, it marked yet another step toward user protection.

The central feature is the ability to turn off open-rate tracking. Aside from this, the latest iOS update presents users with optional paid features of IP address blocking and email address cloaking.

Phishing is the Main Culprit of Data Breaches

The Human Hacking Report by Slashnext describes humans as “porous” in terms of cybersecurity. Indeed, employees and individuals are almost always prone to costly mistakes for their companies. 

The addition of psychological tricks like a sense of urgency or exploiting the innate impulse of being helpful make them even more vulnerable. On the other hand, hackers that send phishing emails never fail to amaze with the ploys they come up with.

According to Verizon’s 2021 Data Breach Investigations Report (DBIR), phishing is on top of the “Breaches” category (confirmed data disclosure to an unauthorized party). 

Its frequency increased by 11% due to the quarantine. While in the “Incidents” category, (compromise of asset integrity, availability, or confidentiality) phishing is second after DoS attacks.

DMARC Adoption Rate Increases Significantly 

Last but not least, our year-end recap would be incomplete without some stats on DMARC adoption. DMARC.org analysis confirms that increasingly more organizations realize how important it is to implement DMARC email security.

In the first half of 2021, the total number of domains with published DMARC policy amounted to 3.46 million. Compared to January-June 2020, the same period of 2021 saw a double increase. 

While the average monthly growth was around 114,500, June 2021 saw an exclusive boost in numbers – 400,000 in one month.

Although we don’t have a conclusive analysis on end-of-the-year outcomes yet, we believe that the trend continued.

Final Thoughts

While phishing stays on top of security concerns for data breaches, 2021 marked the increase of ransomware and attacks on non-IT industries. 

These developments aren’t bizarre, as an increasing number of companies in the email security market and governments step on the path of digitization.

The DMARC adoption rate increase is one of the positives of 2021, as more business owners start understanding why email security is important. 

Considering the historical numbers and the projected increase over the second half of the year, companies are entering 2022 with a better understanding of email cyber security.