Email is one of the main technological innovations that has revolutionized the way we understand the world, as well as reconfigured the business model. Since its invention in 1965, the evolution of this means of communication has been transgressive, and according to data from Statista, there were already more than 4.26 billion users using email in 2022 and the number of emails sent on that same date amounted to 330,000 million, with a growth forecast of 17.8% until 2026. However, the high use of this technology has also made it one of the most vulnerable: according to Tecnopedia, more than 3,400 million emails occur. daily phishing attacks, with these attacks being responsible for 90% of data breaches.
On the occasion of National Email Day, Check Point Software Technologies wanted to review the evolution of email, to see how it was born and developed until it became one of the main means of communication today, and in turn, the main point of attack by cybercriminals. According to Check Point Software sources, currently, more than 90% of attacks on companies originate from malicious emails. In the last thirty days, 62% of malicious files have been distributed through email, and it has been shown that one in 379 emails contains this type of files, with the PDF format being the most common, with a percentage of 59, 3% frequency.
Check Point Software also reveals how phishing is prevalent in different regions: in Europe, an organization is being attacked an average of 871 times per week in the last 6 months, while 89% of malicious files were sent via email. In Africa, the data is even more alarming: an organization is attacked an average of 2,042 times per week, while 77% of malicious files are sent by email.
The evolution since the first email
Email was invented in 1965 by a group of researchers at the Massacahusetts Institute of Technology (MIT). It was the first electronic messaging system for internal use, although at that time it differed greatly from what is known today. In 1971, Ray Tomlinson invented the email system with an infrastructure similar to today’s: it was a personal digital mailbox in which you could receive messages.
Email began to be used as a method of doing business in 1978, when the first email marketing campaign began. The person responsible for this task was Gary Thuerk. However, email was restricted to business use until the late 1980s. Microsoft Mail was the first program released for users, which in turn added the option to add attachments in 1992. From that moment on, Other electronic mailbox options began to emerge: Microsoft Outlook in 1993, Hotmail in 1996, Yahoo Mail and Gmail.
Email has been one of the most recurrent malware distribution formulas, with attacks as significant as Creeper or Happy99, causing corporate disasters such as WannaCry (3.8 billion euros) or MyDoom (34 billion euros).
Phishing attacks are one of the most used formulas for the distribution of malware and ransomware.
These types of cyber threats began in 1996, when the term was first used by America Online (AOL). Cybercriminals created random credit card numbers and opened new accounts on AOL, posing as employees of the service itself to steal users’ credentials. Later in the 2000s, the concept of ‘Spray and Pray’ emerged, a phishing campaign in which a well-known brand was impersonated to scam potential customers and steal their credentials.
This threat has evolved over time using sophisticated techniques such as identity theft and putting Artificial Intelligence and DeepFake technology at your service. Spoofing is a technique where the use of AI is essential: the attacker falsifies the email address to impersonate another person or company with the main objective of tricking the recipient into believing that the email comes from a legitimate source. Ransomware attacks very often use these types of methods to encrypt the victim’s files or lock the entire system until the ransom is paid. According to Check Point Software, 10% of companies globally have experienced ransomware attacks, which is a 33% increase compared to the previous year.
The scope of phishing attacks is unlimited and mainly affects large corporations: according to Check Point Research (Brand Phishing Report Q1 2024) on phishing attacks, Microsoft was the most attacked (38% of phishing attacks worldwide), followed by Google and LinkedIn. This type of threat can lead to large-scale data leaks, as has recently happened with the well-known “Mother of Breaches” case that occurred this January 2024, with a leak of more than 26 billion records containing user data. from LinkedIn, Twitter, Tencent and other platforms.
