The 2021 Email Threat Report shows email remained a key attack vector with criminals exploiting spam, phishing, and malware. Spam volumes declined 43% from 2019, but malicious attachments rose, with Microsoft Excel files making up 39% of all malicious attachments, many using Excel 4.0 macros. Emotet distributed password-protected Word documents until its takedown in early 2021. Agent Tesla, Nanocore, and Dridex dominated payloads, while old vulnerabilities like CVE-2017-11882 were still widely exploited. Phishing accounted for 1.4% of spam, often abusing Microsoft 365, cloud services, and COVID-19 lures. Business Email Compromise grew, with Gmail addresses used in 58% of cases. Recommended defenses include patching, quarantining risky files, anti-spoofing, and phishing awareness training.

Join for free to read