Evolution of Email Threats: The Rise of Ransomware, Spear Phishing and Whaling Attacks 


Email has been around since the 1970s. Today, everyone and every business uses email for their communications. To put things in perspective, according to the Radicati Group, 122 business emails were sent and received per user per day in 2015! That is a lot of email for humans to process without making a bad judgement call. Email has also become the vector of choice for threat actors to initiate advanced phishing campaigns.

Spam emails were the first form of email-borne threat, and the first documented email spam attack happened in 1996. Spam was unwanted mail that clogged up people’s inboxes. Malware was sent using spam emails to try to get confidential information or exfiltrate data. Spam was seen as more of an annoyance.

Over the years, email-borne threats have transitioned to disruption of businesses and services. Today the attacks are more sophisticated and targeted, resulting in financial and reputation loss. It has become easy for hackers to monetize their attacks using zero-day malware, which is available on the dark web marketplace. Attacks such as ransomware and spear-phishing have a direct impact on an organization’s bottom line.

Threat actors used phishing tactics and sent mass email campaigns to try to dupe unsuspecting victims. These campaigns had a low success rate. Today, attackers carry out targeted and focused tactical email campaigns as part of a spear phishing attack. Social engineering plays a big part in phishing campaigns today.

Reports indicate that phishing campaigns now use ransomware, and that zero-day malware is the next evolution in phishing. According to the 2017 SonicWall Threat Report, the most popular payload for malicious email campaigns in 2016 was ransomware, and the trend is expected to continue throughout 2017.

The top email-borne threats today are ransomware, spear phishing, and whaling or business email compromise.


Ransomware

Ransomware is a type of malware (usually zero-day or unknown) that is designed to encrypt data and block access to a computer system until a sum of money is paid.

According to a study conducted by the SANS Institute, ransomware delivered through phishing emails has emerged as the most identified type of attack for those organizations that had experienced a breach. This is in line with the findings of the 2017 SonicWall Threat Report, in which ransomware was found to be the payload of choice for malicious email campaigns.

Another study conducted by the Osterman research group shows that nearly one-half of companies in North America were victims of ransomware in the last 12 months. And no surprises here, as nearly 60% of ransomware was delivered through emails, either using malicious links or malware-ridden attachments.

Ransomware is quickly becoming an epidemic for organizations worldwide.

Spear Phishing

Spear phishing attacks are targeted, socially engineered campaigns designed to trick unsuspecting employees. Attackers create fake profiles on social media and networking sites to gather information and launch targeted email attacks in the future.

According to the SANS 2016 Threat Landscape Survey, spear phishing and whaling are significant forms of attack reported. Another survey by Cloudmark estimates that the cost of a spear phishing attack is 1.6M, and 73% of companies acknowledge that spear phishing poses a significant threat.

Business Email Compromise (BEC)

BEC emails spoof trusted domains and imitate brands and corporate identities. In many cases, the emails appear to come from a legitimate trusted sender or from the company CEO, typically asking for a wire transfer of money.

The FBI defines BEC as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.

This is a very real and growing issue. The FBI has put up a public service announcement saying that BEC is a 3.1 billion dollar problem. Even the IRS has recently put up a notice on its website to educate people regarding this form of threat.

Today’s advanced threats require a new set of email security features in addition to the traditional capabilities. A multi-layered email security solution protects business communications. Businesses need a next-generation email security solution that offers comprehensive threat prevention capabilities.

Read our solution brief, “What Your Next-Gen Email Security Needs to Stop Advanced Threats,” to learn what your email security solution needs to block today’s advanced email-borne threats.

SonicWall Staff