Free Newsletters for the Channel
Register for Your Free Newsletter Now
It's only 2.5% of 100 million phishing emails Google blocks in a single day — and still the threat grows.
April 21, 2020
Google says it blocked 18 million COVID-19 themed phishing emails in one week this month alone. The tech giant is training its machine learning (ML) to detect and block COVID-19 themed attacks. The effort appears to be paying off. Still, the staggering number of COVID-19 themed phishing emails amounts to only about 2.5% of the 100 million phishing emails Google blocks in a single day on average.
Red Canary’s Chris Rothe
“The COVID-19 angle is not surprising. Attackers use what works and this crisis opens up a huge new lane for them to prey on people’s fear,” said Chris Rothe, co-founder and chief product officer at Red Canary.
But this new batch of COVID-19 baited phishing and spam campaigns require security teams to make quick adjustments in their strategies and tactics.
It’s no secret that Google machine learning models are some of the best in the world but even they need more training to stay abreast of current threats. So, too do ML-powered cybersecurity products from other vendors.
KnowBe4’s Erich Kron
“The fact that 18 million COVID-19-related emails are blocked each day just by Google is a sign of just how prolific these attacks are. In these times of high stress and change, cybercriminals know that humans are more vulnerable than ever to phishing and smishing attacks and are doing their best to capitalize on this,” said Erich Kron, Security Awareness Advocate at KnowBe4.
But the weakest link is what it has always been when it comes to stopping spearphishing threats: humans.
“Because people are working from home and often miss out on the security benefits of corporate networks and organization managed devices, the bad guys know that many of the technical controls that can save people are now missing,” said Kron.
That means security partners need to step up their human training as much as vendors need to ramp up machine training.
“The best thing organizations can do right now is to ensure that their employees have up-to-date training on how to spot and report phishing emails to their organization. By reporting these, organizations can have them removed from other mailboxes, limiting the exposure to these attacks within the organization,” Kron added.
Meanwhile, email providers have both fans and critics as the first wave of spearphishing protections.
Lucy Security’s Collin Bastable
“Relying on email filters, crypto and firewalls to protect remote workers from opening the door to cybercrime is naïve. Patching people is the only way that we are going to win the war on cybercrime,” said Colin Bastable, CEO of security awareness training company Lucy Security.
While Google is one of the leaders in ML and an array of security measures, it too has detractors.
“Hackers use Gmail accounts with spoof names in BEC fraud, and to associate Gmail accounts with phishing links, in phishing campaigns. Google gets to virtue-signal while playing both sides of the fence,” said Bastable.
“Google is also using the ‘https:’ certificate requirement as part of their browser war with Apple and Microsoft, kidding people into thinking encrypted browser sessions keep people secure when using Chrome. Over 80% of phishing sites use certificates. People must always ask themselves what is in it for Google,” Bastable added.
Read more about:MSPs
A prolific writer and analyst, Pam Baker’s published work appears in many leading print and online publications including Security Boulevard, PCMag, Institutional Investor magazine, CIO, TechTarget, Linux.com and InformationWeek, as well as many others. Her latest book is “Data Divination: Big Data Strategies.” She’s also a popular speaker at technology conferences as well as specialty conferences such as the Excellence in Journalism events and a medical research and healthcare event at the NY Academy of Sciences.
You May Also Like
Cloud Computing News: AWS Loses Another Key Exec to Azure; Canalys, Vega Cloud, Hyve NewsFeb 23, 2024
Channel Futures Reveals 2024 Circle of Excellence InducteesFeb 23, 2024
Canalys Channel Leadership Matrix Names AWS, Cisco, HP Among 'Champions'Feb 22, 2024
CrowdStrike, SonicWall Cyber Threat Reports Highlight Attacks, Popular TacticsFeb 21, 2024