A Baker’s Dozen of Cyberattacks

Written by Barracuda MSP Guest Blogger
November 30, 2020

The most successful cyberattacks are designed to bypass email gateway defenses using social engineering, fraud and other strategies.

The number and variety of cyberattacks continue to expand every year, with an increasing cost to businesses. The FBI estimates that cybercrime resulted in $3.5 billion in losses in 2019.

The majority of these attacks are initiated via email, and they involve increasingly complex techniques that traditional email security solutions are not designed to protect against. The most successful of these attacks are designed to bypass email gateway defenses using social engineering, fraud, and other strategies.

In Barracuda’s eBook 13 Email Threat Types to Know About Right Now, the company outlines an unlucky number of common attacks and how to guard against them. While a robust email gateway is a good start, more advanced solutions based on artificial intelligence (AI), machine learning and an API-based inbox defense approach can provide much more comprehensive protection.

In order of ascending complexity, here are the 13 key email threat types that Barracuda has identified.

Spam: These unsolicited bulk email messages have long been a nuisance. Often, these emails are used to conduct fraud or for phishing scams. It is estimated that more than half of the world’s email traffic is spam, and it costs $20 billion annually in losses. Over time, gateway solutions have become somewhat effective at blocking spam.

Malware: In these attacks, criminals use email to deliver malicious software in a document or download. While there are various types of malware, the vast majority is delivered via email, with ransomware as an increasingly popular tactic. Ransomware costs alone are estimated to have been nearly $170 billion in 2019. Gateway-level protection (including signature matching and sandboxing) can help reduce the threat.

Data exfiltration: This attack involves the unauthorized transfer of data from a computer, often through physical access to a specific computer or via malicious programming on the Internet. Data loss prevention (DLP) approaches can scan outbound emails searching for indications that sensitive data is being shared.

URL phishing: This scam involves tricking users via email to enter sensitive information on fake websites using similar-looking URLs. These highly effective attacks cost nearly $58 million in 2019. Gateways can use URL filtering to block access to these sites, and API-based inbox defense solutions can further protect companies by evaluating actual URL usage.

Scamming: These attacks rely more on psychology than technological trickery. Criminals use fake job postings or fund transfer requests to fool victims into disclosing sensitive information. Both gateway filters and API-based defense systems can effectively scan these types of emails, but end user training is also critical.

Spear phishing: These highly personalized and targeted attacks involve criminals researching potential victims and then creating well-crafted emails meant to fool victims into believing they are from a trusted business or colleague. These attacks are typically seeking login credentials or personal financial details. While traditional email security gateways have difficulty identifying these communications, API-based solutions can use historical email data to identify potential