October Attack Trends: Foreign Email Attacks Increase - Abnormal Security


By Erin Ludert & Sanny Liao

Email attacks can reach an organization from anywhere in the world. While the majority of attacks come from email servers within the United States, about 40-50% of attack campaigns throughout 2020 originated from a foreign source.* Attacks from foreign servers declined steadily in the first 8 months of 2020, reaching a low of 28% of all attacks in August, then started increasing rapidly in the fall. By October 2020, attacks from foreign servers reached a high of 71% of all attacks.

Russian Credential Phishing Takes the Top Spot

To date, the largest volume of email attacks targeting American organizations has originated from the United States, followed by the United Kingdom, Canada, and Vietnam. However, in the month of October, attacks originating from Russia, Ukraine, India, and Turkey rose more than 50% over the previous month.

While the most common foreign attack type is Spam, attacks from Russian servers are notable in that the majority of campaigns are Credential Phishing, with a remarkable increase in malware. Starting in late June, the percentage of campaigns coming from Russian servers began to rise, increasing from an average of about 1% of all attack campaigns in the first half of the year to nearly 7% of campaigns during the first week of October, replacing the United Kingdom as the top foreign source of email attacks. However, at the end of the month, Russian attacks declined and were overtaken by attacks from India and China.

Roles and Industries Targeted 

During October, C-level executives were the group most targeted by foreign attackers. While the average employee only has a 2% chance of being a recipient of a foreign attack, C-level executives are 9x more likely to receive such an attack. On average, executives can expect to receive 8 foreign-server-originated attacks per month.


While no industry is immune to attention from cyber criminals, not all industries are equally targeted by foreign attackers. Those in the Energy and Infrastructure sectors, in particular, are targeted much more heavily than their peers. During October, over 50% of attacks received by Energy and Infrastructure organizations came from foreign servers. At the other end of the spectrum, less than 10% of attacks on financial institutions came from foreign servers.

*For the majority of attacks, it is not possible to determine the attacker’s physical location, only the location of the server the email attacks were sent from. In this report, an attack is considered to have come from a given country if either the attacker was physically located there, or the email was sent from a server located there and the attacker’s location was unknown.
