ICO hit with 2,650% surge in email attacks in 2021

Official figures obtained via the Freedom of Information (FOI) Act revealed that the Information Commissioner’s Office (ICO) faced a 2,650% surge in email attacks in 2021

The data, which was analysed by think tank Parliament Street, showed detected and blocked spam to make up the majority of email attacks on the ICO, with a 2,775% increase recorded between January and December.

Phishing emails, meanwhile, rose by 20% from January to December, and malware soared by 423%.

The bulk of December attacks came from spam, with 4,125,992 attacks, whilst phishing emails made up 7,886 attacks and malware accounted for 1,197 attacks.

Attacks particularly surging in December coincide with the mass spread of the Omicron variant, which was accompanied by a swarm of COVID test-related attacks, along with Christmas scams in the lead up to the holiday season.

Why email is still the most significant vector that attackers exploit

Chris Powell, head of cyber labs at 6point6, explores why email remains the most significant attack vector that attackers exploit. Read here

“The pandemic continues to be a catalyst for opportunistic cyber criminals to try and prey on unsuspecting, vulnerable people,” said Steven Peake, manager at Barracuda Networks.

“Our recent research showed a 521% surge in covid test related phishing attacks, so it is hardly surprising to see major organisations, such as the ICO, hit by such a high volume of threats as they represent lucrative targets. Phishing emails, malware and spam in particular account for a large proportion of the threats these organisations face so they need to implement measures to protect themselves. These cyber attackers aren’t going anywhere anytime soon.”

Protecting against email attacks

To stay protected against email attacks such as spam, phishing and malware, Peake suggests utilising measures that leverage AI, to identify threats engineered to bypass defences such as spam filters.

“Utilising sophisticated email security which leverages artificial intelligence is an important measure for protection,” he continued.

“Leveraging technologies should be paired with staff education, providing awareness of phishing attacks, COVID-related scams and other possible incoming threats.”

Edward Blake, area vice-president EMEA at Absolute Software, commented: “Cyber security is not just about protecting endpoints via anti-malware or email cyber security solutions. Whilst these are important, there are now a variety of access points for cyber criminals to capitalise on that IT leaders need to be aware of. These include vulnerable unpatched applications and network vulnerabilities, stolen or illegally purchased log-in credentials, or even by hacking unprotected smart devices.

“In fact, it’s no longer even safe to assume that a cyber criminal hasn’t already gained access to your organisation’s system, which is why it’s imperative that businesses adopt a zero trust approach to their cyber defences. This will ensure that malicious actors can not move laterally across a network once they have gained access, ensuring that a breach in the system does not necessarily equate to a breach in data.”

Avatar photo

Aaron Hurst

Aaron Hurst is Information Age's senior reporter, providing news and features around the hottest trends across the tech industry.