Inside the 2022 Email Cyber Threat Landscape – Trend Micro

Bridge threat protection and cyber risk management
Improve your risk posture with attack surface management
Security that enables business outcomes
Gain visibility and meet business needs with security
Connect with confidence from anywhere, on any device
Secure users and key operations throughout your environment
Move faster than your adversaries with powerful purpose-built XDR, attack surface risk management, and zero trust capabilities
Maximize effectiveness with proactive risk reduction and managed services
Drive business value with measurable cybersecurity outcomes
See more, act faster
Evolve your security to mitigate threats quickly and effectively
Ensure code runs only as intended
Gain visibility and control with security designed for cloud environments
Protect patient data, devices, and networks while meeting regulations
Protecting your factory environments – from traditional devices to state-of-the-art infrastructures
ICS/OT Security for the oil and gas utility industry
ICS/OT Security for the electric utility
The most trusted cloud security platform for developers, security teams, and businesses
Secure your data center, cloud, and containers without compromising performance by leveraging a cloud security platform with CNAPP capabilities
Leverage complete visibility and rapid remediation
Simplify security for your cloud-native applications with advanced container image scanning, policy-based admission control, and container runtime protection
Security for cloud file/object storage services leveraging cloud-native application architectures
Defend your endpoints at every stage
Advanced cloud-native network security detection, protection, and cyber threat disruption for your single and multi-cloud environments.
Visibility and monitoring of open source vulnerabilities for SecOps
As your organization continues to move data and apps to the cloud and transform your IT infrastructure, mitigating risk without slowing down the business is critical.
Expand the power of XDR with network detection and response
Protect against known, unknown, and undisclosed vulnerabilities in your network
Detect and respond to targeted attacks moving inbound, outbound, and laterally
Redefine trust and secure digital transformation with continuous risk assessments
Protect your users on any device, any application, anywhere with Trend Micro Workforce One
Stop phishing, malware, ransomware, fraud, and targeted attacks from infiltrating your enterprise
On-premises and cloud protection against malware, malicious applications, and other mobile threats
A cloud-native security operations platform built to empower security teams
Operationalize a zero trust strategy
Stop adversaries faster with a broader perspective and better context to hunt, detect, investigate, and respond to threats from a single platform
Keep ahead of the latest threats and protect your critical data with ongoing threat prevention and analysis
Stop threats with comprehensive, set-it-and-forget-it protection
Augment security teams with 24/7/365 managed detection, response, and support
Augment threat detection with expertly managed detection and response (MDR) for email, endpoints, servers, cloud workloads, and networks
Grow your business and protect your customers with the best-in-class complete, multilayered security
Partner with a leading expert in cybersecurity, leverage proven solutions designed for MSPs
Add market-leading security to your cloud service offerings – no matter which platform you use
Increase revenue with industry-leading security
Discover the possibilities
We work with the best to help you optimize performance and value
Content has been added to your Folio
Cyber Threats
Key trends and predictions you should know about
By: Jon Clay Read time:  ( words)
Save to Folio
Trend Micro research each year has been publishing our Cloud App Security (CAS) data in the review of the previous year’s email threat landscape. In 2022, we scanned 79B+ emails (a 14% increase from 2021) that our customers received, and CAS would examine to determine if the email was good or malicious. Of this number, 39M+ were classified as high-risk emails and blocked for our customers. Let’s look a bit deeper into these results to give you an understanding of what types of malicious emails attackers are sending these days. In total, Trend Micro blocked over 146B threats targeting our customers in 2022, and email represented 55% of those threats. So, email is still the largest attack vector we see across our customer base.
One very interesting data point was the use of known versus unknown malware attachments. Known malware is easy to detect, so we saw a 32% decrease in the use of this type of attachment. Unknown malware is newly created, zero-hour malware, and as such, it can be harder to detect and defend against. We saw a 46% increase in the use of unknown malware attachments. Luckily, we have technology that can analyze a file and determine if it is malicious or not, so we were able to block these as well. Trend Micro Cloud App Security detected and blocked 4,263,650 malware files in 2022, for a 29% increase from 2021’s numbers. The number of unknown malware files also surged to 3,757,812, for a 46% increase.
This is a trend we’re seeing in all attacks, where the malicious actors will customize their attack and develop brand-new components that have not been seen before. So, the first time you see the threat is the first time anyone has seen this threat, and likely it won’t be used again. The old security paradigm were using multiple vendor solutions to hedge that one may detect it is out the door now. You need a solution that can detect unknown threats or, at a minimum, quickly identify that something is wrong.
We also saw a marked decrease in ransomware attachments which makes sense as mostly now the ransomware component of an attack is the last stage due to it being so noisy. You know if you have a ransomware infection due to the pop-up ransom screen on affected computers. We saw a 42% decrease in these attachments in 2022 from 2021.
Business Email Compromise (BEC) is a threat that the U.S. FBI has considered more of a threat than ransomware. Losses in the billions from BEC far outweigh the losses from ransomware. In our data, we’re also seeing a BEC increase in use by malicious actors. We saw a 35% YoY increase in BEC emails targeting customers. What is unique about BEC emails is the fact that they do not contain any links or attachments to identify them easily. These are simply socially engineered messages that try to get an employee to conduct a wire or bank transfer, which these targeted employees typically do daily as part of their job function. As such, detecting a BEC email can be difficult, but it isn’t impossible, as seen in the chart below.
You’ll see above that Trend Micro developed a new AI-based technology called Writing Style DNA, which analyzes how employees write within their emails. After analyzing hundreds of their emails, we could identify if a malicious actor crafted a fraudulent BEC-type email, alert the sender and recipient of the suspicious email, and allow them to take action.
Another area we’re seeing a lot of unknown threats is credential phishing attacks. While we did not see a similar increase in unknown phishing, it still represents the majority of overall phishing attacks.

Credential theft is a tactic that malicious actors utilize more and more. BEC attacks today are coming more from stolen email accounts that are stolen by credential theft. We’re seeing this threat continue to be used by these actors in many of their attacks. These fake login requests continue to be used through malicious links within emails to try and obtain the Office 365 account credentials of the victim. Many of these victims today are targeted executives and financial and human resources employees.
The good news is that Trend Micro developed Computer Vision, a technology combining image analysis and machine learning (ML) to check branded elements, login forms, and other site content to detect credential phishing emails and URLs embedded within emails.
Standard phishing emails continue to be a popular attack vector targeting employees in order to gain access to their computers and the network in general. In 2022, we blocked over 22M phishing emails, representing a 29% increase from 2021.
A few other areas we saw were a decrease in the use of Covid-19 as a lure within emails as well as the use of email targeting cryptocurrency and NFTs.
I recommend you review your messaging security solutions and audit your vendor to ensure they fully protect your email. This includes emails from outside in, inside, and out, as well as internal to internal, since all of these are attack surfaces utilized by malicious actors. The use of advanced detection technologies like Writing Style DNA and Computer Vision should be part of your solution as well as multiple layered technologies that all come into play when analyzing messages.
To read Trend Micro Annual Cloud App Security Threat Report, please visit:
Jon Clay
VP, Threat Intelligence
Try our services free for 30 days
Select a country / region
Privacy | Legal | Accessibility | Site map
Copyright ©2023 Trend Micro Incorporated. All rights reserved


Leave a Comment