Businesses face 101% spike in email threats

Australian businesses are facing a surge of email cyber attacks after recording nearly 33.6 million cloud email threats in 2021, a 101% increase on the previous year.

27 June 2022

Trend Micro's latest research on the mounting number of cyber risks highlighted that 48% of local organisations don't believe their method of assessing risk exposure is sophisticated enough, underlining the vulnerability of Australia's corporate sector to increasingly insidious email threats.

Email remains a top point of entry for cyber attacks as demonstrated by this massive increase. Many Australian businesses faced spear-phishing, business email compromise (BEC) and email-based ransomware attacks in 2021.

Mick McCluney, Technical Director at Trend Micro, said each year innovation in the threat landscape contributes to the evolution of the corporate attack surface, but email remains a major threat to organisations.

"The best shot defenders have at mitigating these risks is by taking a platform-based approach to shine a powerful light on threats and deliver streamlined prevention, detection and response without limits," Mr McCluney said.

“Email is an integral cog in the digital transformation machine. This was especially true in 2021, when organisations found themselves trying to keep business operations afloat in the middle of a pandemic that has forever changed how people work. At a time when the workplace had already largely shifted from offices to homes, malicious actors continued to favour email as a low-effort yet high-impact attack vector to disseminate malware.”

The Trend Micro researchers found a total of 16.5 million emails in phishing attacks were detected, a 138% increase as the hybrid workforce continued to be targeted. There were 6.3 million in credential phishing attacks, a 15% increase as phishing remains a primary means of compromise.


Explore our cyber training and resources to defend against online threats to your business. Plans start from only $10/month.

Around 3.3 million malicious files were detected, including a 134% surge in known threats and a 221% increase in unknown malware.

“Cybercriminals worked overtime to attach malware in malicious emails in 2021 using advanced tactics and social engineering lures,” the report said.

“In January, we saw how Emotet sent spam emails that used hexadecimal and octal representations of IP addresses for detection evasion in its delivery of malware such as TrickBot and Cobalt Strike.”

Ransomware detection, however, had been found to be in decline by 43% year-over-year.

“The reason behind this continuing decline is possibly twofold: One, unlike legacy ransomware that focuses on the quantity of victims, modern ransomware focuses on waging highly targeted and planned attacks to yield bigger profits,” Trend Micro said.

“Since today’s ransomware actors no longer abide by the spray-and-pray ransomware model, the number of attacks are no longer as massive as the number that we witnessed in ransomware’s early days. 

"We identified the other reason in our year-end roundup report: That is, it’s possible that ransomware detections are down because improved cyber security solutions continue to block an increasing number of ransomware affiliate tools each year, including TrickBot and BazarLoader. This could have prevented ransomware attacks from being successfully executed on victim environments."


Train your staff to be the frontline of your defence against cyber attacks with plans starting from $10/month

Found this useful?

Subscribe to our newsletter and receive the best business tips and articles straight to your inbox.

Thank you for signing up to our newsletter. You're one step closer to receiving more insightful information to help better your business.

We take your privacy seriously and by subscribing to our newsletter you agree to the terms of our Privacy Policy available below.