urlscan.io logo urlscan.io
SecurityTrails logo

www.cyren.com Open in urlscan Pro
84.39.152.48  Public Scan

Back to summary
Submitted URL: http://mkt.cyren.com/n/OTQ0LVBHTy0wNzYAAAF_PFnopgkBlc7GKiC5FCt8WOZtJvX4VTe5g1wLiPTBVG4e6f1ji_g60HS2yUnTUrys_Htuwa4=
Effective URL: https://www.cyren.com/blog/articles/phishing-by-the-numbers-july-2021?utm_campaign=ongoing_blog&utm_medium=email&utm_s...
Submission: On September 01 via api from SG

Form analysis 2 forms found in the DOM

GET /search.html

<form action="/search.html" method="get" class="container">
  <input type="search" name="keywords" placeholder="Enter search" class="text search-input" value="">
  <button type="submit" class="search-submit">
    <img src="/tl_files/cyren_v3_preview/images/top-nav-search-icon-white.png" alt="Search Icon">
  </button>
</form>

POST https://feedburner.google.com/fb/a/mailverify

<form action="https://feedburner.google.com/fb/a/mailverify" method="post" target="popupwindow"
  onsubmit="window.open('https://feedburner.google.com/fb/a/mailverify?uri=CyrenSecurityBlog', 'popupwindow', 'scrollbars=yes,width=550,height=520');$('#subscribe-blog-modal').modal('toggle');return true">
  <div class="row">
    <div class="form-group col-md-12">
      <label class="control-label" for="LastName">Please enter your email address</label>
      <input class="form-control" type="text" name="email" required="">
      <input type="hidden" value="CyrenSecurityBlog" name="uri">
      <input type="hidden" name="loc" value="en_US">
    </div>
    <div class="col-md-12">
      <p class="submit-container" style="text-align: center;"><button class="btn btn-cyren-red submit" type="submit" tabindex="8">Subscribe</button></p>
    </div>
  </div>
</form>

Text Content

Phishing by the numbers – July 2021

Go back

 *  

Skip navigation
 * < Products and Solutions
   
   
   PRODUCTS
   
   For the Enterprise
   
    * Threat InDepth Threat Intelligence
    * Inbox Security for Office 365
    * F-Prot Anti-Virus
   
   --------------------------------------------------------------------------------
   
   For Service Providers and Tech Companies (OEM)
   
    * Threat InDepth Threat Intelligence
    * Cyren Email Security Engine
    * Cyren Web Security Engine
    * Cyren Malware Detection Engine
    * Cyren Threat Lookup
   
   
   SOLUTIONS
   
   Phishing and Spam Protection
   
    * Threat InDepth Threat Intelligence
    * Inbox Security for Office 365
    * Cyren Email Security Engine
   
   --------------------------------------------------------------------------------
   
   Advanced Malware Detection
   
    * Threat InDepth Threat Intelligence
    * Cyren Malware Detection Engine
    * Cyren Threat Lookup
   
   --------------------------------------------------------------------------------
   
   Web Traffic Protection
   
    * Cyren Web Security Engine
    * Threat InDepth Threat Intelligence

 * < Research
    * Cyren Security Center
    * Cyren Security Blog
   
   --------------------------------------------------------------------------------
   
   More on threats
   
    * Glossary of cyber threats
    * Phishing
    * Malware
    * Ransomware
    * Botnets

 * < Expert Content
    * Webinars & Events
      
      
      
    * On-Demand Webinars
    * Brochures and datasheets
    * Reports and white papers
    * Videos
    * Show all resources
   
   
 * < Company
   
   About Cyren
   
   More than 1.3 billion users around the world rely on Cyren's 100% cloud
   internet security solutions to protect them against cyber attacks and data
   loss every day. Learn more
   
    * Contact Us
    * Careers
   
   Press and Investors
   
    * In the News
    * Press Releases
    * Investor Relations
    * Security Alliance
   
   --------------------------------------------------------------------------------
   
   Leadership
   
    * Management
    * Board of Directors

 * 

 
 * Login
    * Cyren Inbox Security Login
    * Cyren Cloud Security Login
    * MyEleven Login

 * Partners
    * Partner Portal
    * Partner Lookup Tool

 * Support
 * Contact
 * Blog
   
   
   
 * EN
    * Select your language:
    * English
    * Deutsch

 * 


Get A Demo


CYREN SECURITY BLOG


PHISHING BY THE NUMBERS – JULY 2021

by Mike Fleck August 24, 2021 Security Research & Analysis

The Cyren Incident and Response research team continuously collects phishing
data and identifies the most effective phishing attacks using Cyren Inbox
Security (CIS), the company’s flagship Inbox Detection and Response* solution.
CIS directly connects to Office 365, continuously detecting and automatically
capturing phishing attacks that evade secure email gateways and arrive in a
user’s inbox. This data provides insights about the scale and nature of evasive
and targeted phishing threats, and why phishing continues to be a problem for
many organizations despite investments in email security best practices and
security awareness training.

In July, the Incident and Response team identified nearly 20,000 confirmed email
threats, which contained malicious content, and defied detection by third-party
email security engines and the native security capabilities of Office 365. Key
takeaways include:

 

 * Phishing continues to be the predominant email threat arriving in users’
   mailboxes. Ransomware and business email compromise attacks are costly, but
   the data clearly illustrated that they are symptoms of previous successful
   phishing attacks.
   * 93% contained phishing URLs
   * 4% were business email compromise (BEC) or impostor emails
   * 3% of messages included a malware attachment

 



Figure 1
Types of email threats beyond the SEG





 * Specialized detection and automated incident response are critical to
   eliminating threats before risky users do something they shouldn’t.
   * 97% of confirmed malicious incidents were detected before users read the
     messages.
   * 94% of evasive threats were detected by Cyren’s specialized engines and
     threat intelligence rather than helpdesk or SOC analysts.
     
     
 * Threat intelligence is important but real-time analysis is critical for
   detecting evasive and zero-day email threats.
   * 88% of evasive threats were detected with real-time techniques like machine
     learning.
   * 6% were netted with proprietary threat intelligence or readily matched
     patterns of previous attacks (heuristics).
   * The remaining 6% were suspicious messages that required human analysis to
     confirm the detection

 

 * User education matters but organizations must put it to good use, especially
   since most employees think phishing is IT’s problem to solve. Providing the
   users with a tool for ad-hoc scans of emails before submitting them to the
   helpdesk/SOC greatly reduces the volume of phishing alerts.
   * 6% of total of confirmed phishing threats were triaged by end users rather
     than bogging down helpdesk or SOC personnel with basic or initial analysis.
   * Of the messages submitted to the IDR platform, less than 2% were false
     positives.

 

Phishing Attack of Note

From July 16-17, Cyren’s Incident and Response analysts noticed an attack that
affected 192 users across 16 of our customers but with a few hallmarks of a
highly targeted effort. This shows that some attackers have refined their
tactics so they can automate attacks that used to require a high amount of
manual effort.

 * The sender’s name was spoofed and varied based on the target company. This is
   a typical trick used to associate the sender with an entity the users are
   likely to trust.
 * The email subject related to an incoming voicemail. Again, this is typical.
   Phishing email subjects tend to mention voice messages, shipments, invoices,
   password resets, etc. – anything that creates some urgency but is also in
   keeping with our digital, mid-pandemic lives.
 * There was no body text, just an attachment containing javascript. Criminals
   are increasingly putting phishing URLs or javascript in files to avoid the
   time of click protection offered by the SEG.
 * The attachment contained code that would open an Office 365 phishing page
   that displayed the target company’s logo and pre-completed the login form
   with the user’s email address. The fact that attackers were able to customize
   the look of the phishing page for each company is not something we see every
   day, at least not for an attack targeting so many companies at once.

 



Figure 2
Targeted Office 365 phishing attack.
The logo images and other identifying information have been redacted.

 

This attack is a good example of the ability of bad actors to execute targeted
attacks at scale through automation and abusing services and technologies
designed to accelerate and secure digital transformation. Like many phishing
attacks, this one targeted Office 365 credentials. Valid credentials would have
allowed the attackers to access a variety of Office 365 services to launch
devastating or email account compromise attacks and steal volumes of sensitive
data.

*Inbox Detection and Response is a new category of anti-phishing solution
designed to continuously detect and automatically respond to phishing, business
email compromise, email account compromise, and other targeted email threats.
Gartner’s name for IDR is Cloud Email Security Supplement (CESS) and Forrester
calls it Cloud-native API-enabled Email Security (CAPES).

Go back

Share:
Subscribe to this Blog
Read Another Article


THANK YOU!

Thank you for your request – a Cyren representative will be contacting you to
discuss how Cyren can benefit your business.

Subscribe to Cyren Security Blog

Please enter your email address

Subscribe

Your privacy is important to us. We will never share your information.

 * Cyren Inbox Security
 * Expert Content
 * Company
 * Get a Demo

Terms of Use // Privacy Policy // Cookie Policy © Cyren 2021. All trade/service
marks or names referenced on this site belong to their respective owners. The
information contained herein is subject to change without notice.
   
 * 
 * 
   
 * 
   





PRIVACY PREFERENCE CENTER




YOUR PRIVACY


YOUR PRIVACY

When you visit any website, it may store or retrieve information on your
browser, mostly in the form of cookies. This information might be about you,
your preferences or your device and is mostly used to make the site work as you
expect it to. The information does not usually directly identify you, but it can
give you a more personalized web experience. Because we respect your right to
privacy, you can choose not to allow some types of cookies. Click on the
different category headings to find out more and change our default settings.
However, blocking some types of cookies may impact your experience of the site
and the services we are able to offer.

More information about our cookies


 * STRICTLY NECESSARY COOKIES
   
   
   STRICTLY NECESSARY COOKIES
   
   Always Active
   Strictly Necessary Cookies
   
   These cookies are necessary for the website to function and cannot be
   switched off in our systems. They are usually only set in response to actions
   made by you which amount to a request for services, such as setting your
   privacy preferences, logging in or filling in forms.    You can set your
   browser to block or alert you about these cookies, but some parts of the site
   will not then work. These cookies do not store any personally identifiable
   information.
   
   Cookies Details‎


 * PERFORMANCE COOKIES
   
   
   PERFORMANCE COOKIES
   
   Performance Cookies
   
   These cookies allow us to count visits and traffic sources so we can measure
   and improve the performance of our site. They help us to know which pages are
   the most and least popular and see how visitors move around the site.    All
   information these cookies collect is aggregated and therefore anonymous. If
   you do not allow these cookies we will not know when you have visited our
   site, and will not be able to monitor its performance.
   
   Cookies Details‎


 * TARGETING COOKIES
   
   
   TARGETING COOKIES
   
   Targeting Cookies
   
   These cookies may be set through our site by our advertising partners. They
   may be used by those companies to build a profile of your interests and show
   you relevant adverts on other sites.    They do not store directly personal
   information, but are based on uniquely identifying your browser and internet
   device. If you do not allow these cookies, you will experience less targeted
   advertising.
   
   Cookies Details‎

Back Button


ADVERTISING COOKIES

Filter Button
Consent Leg.Interest
Select All Vendors
Select All Vendors
Select All Hosts

Select All

 * REPLACE-WITH-DYANMIC-HOST-ID
   
   
   33ACROSS
   
   33ACROSS
   
   View Third Party Cookies
   
    * Name
      cookie name

 * REPLACE-WITH-DYANMIC-VENDOR-ID
   
   
   33ACROSS
   
   3 Purposes
   
   View Privacy Notice
   
   
   
   33ACROSS
   
   3 Purposes
   
   View Privacy Notice
   
   REPLACE-WITH-DYANMIC-VENDOR-ID
   
   Consent Purposes
   
   Location Based Ads
   
   Consent Allowed
   
   Legitimate Interest Purposes
   
   Personalize
   
   Require Opt-Out
   
   Special Purposes
   
   Location Based Ads
   
   Features
   
   Location Based Ads
   
   Special Features
   
   Location Based Ads



Clear Filters

Information storage and access
Apply
Confirm My Choices Allow All



ON CYREN.COM WE USE COOKIES TO IMPROVE YOUR USER EXPERIENCE.

By clicking “Accept All Cookies”, you agree to the storing of cookies on your
device to enhance site navigation, analyze site usage, and assist in our
marketing efforts. Cookie Policy

Accept All Cookies
Cookies Settings