How a revolutionary technology was usurped for evil, and what we can do about it

Since its inception, email has gone from a novelty, to a necessity, to at times a nuisance, and now, to downright nefarious. “You’ve got mail” has somehow turned into “You’ve got malware.” Email has become and remains to this day the number one vector for distributing cyber threats. So how did we get here?

Novelty – You’ve Got Mail!

It all started in the 1970s, when the first electronic messages were sent. At first only in the realm of computer scientists and academics, Queen Elizabeth sent her first email in 1976. It wasn’t long before email hit the mainstream in the 1990s. And soon, there was even a hit movie centered around it. (Who could forget 1998’s ‘You’ve Got Mail’ starring Meg Ryan and Tom Hanks?)

Necessity – #1 Means of Doing Business

Today, it’s hard to imagine life without email – especially when it comes to doing business. While personal communication via email has sometimes given way to newer methods like texting and social media, email is still the number one tool for business communication. Studies have shown that the average professional receives over 120 emails a day.

Nuisance – First Came Spam…

The world was clearly thrilled about email – including, unfortunately, those with less-than-pure intentions for it. The first spam message was sent in 1978 before email even became widespread; and by the 2000s, the U.S. government had to enact laws to control the deluge of unsolicited emails. To this day, spam still accounts for roughly half of all email sent worldwide.

Nefarious – One Vector, Many Attacks

But, of course, nuisance spam is no longer our main concern. Over the years, email has been the conduit for far more serious attacks. Threat actors soon realized that email could be used not only to coerce people into buying things, but also to trick them into handing over proprietary data, downloading malware on corporate systems, siphoning money out of their company, and so on.

This one vector has given rise to many different types of threats. According to ESG, 7 out of 10 organizations feel that email security has gotten more difficult over the past two years.

Our recent Cisco 2019 CISO Benchmark Study indicates that many of the top threats facing today’s organizations – including malicious spam, phishing, and ransomware – involve email compromise.

Worms and Botnets

One of the earliest forms of email-based attacks came in the form of mass-mailing worms. For example, the ILOVEYOU virus spread like wildfire over email in 2000. Millions of targets around the world opened malicious attachments that overwrote files on their computers. The worm continued spreading by sending copies of itself to other users in the victims’ email address books.

The 2000s also saw the rise of botnets (large groups of computers taken over and controlled by attackers to carry out cybercrime), which further proliferated spam and other attacks.

Phishing and Business Email Compromise

Shortly after email became nearly ubiquitous in the 1990s, we also began to see the first instances of phishing. Phishing refers to the use of bogus emails disguised to be from trusted entities. Phishing emails are sent to unsuspecting users to entice them to give away confidential information or click on malicious links/files. Even the most sophisticated users continue to fall victim to these attacks. Industry reports indicate that more than 90 percent of successful cyberattacks stem from phishing.

The attack method has further evolved as well, with spear phishing now being used to target specific companies or individuals through more personalized emails. And some attackers go so far as to use business email compromise (BEC) to fool high-value targets such as CEOs and CFOs into wiring money or sending sensitive information to them. According to the FBI, BEC caused more than $12.5 billion in losses over 4.5 years.

A sample phishing email


Speaking of money, we should all be more than familiar with ransomware by now. Instead of just stealing data from systems, ransomware encrypts it and holds it hostage until victims pay a ransom to get it back. Users merely have to click on a link in an email, or open a malicious attachment, to launch the attack. By 2021, businesses will fall victim to ransomware every 11 seconds.

Malicious Cryptomining

2018 saw ransomware be overtaken by cryptomining, which arose as the year’s most prominent online money-making scheme. Through malicious cryptomining, attackers infiltrate networks using email or other methods, and use companies’ IT resources to generate cryptocurrency. It has become a popular attack method because it doesn’t require any cooperation or even knowledge from victims to make money.

However, it should be of concern to organizations since it can cause problems with resource constraints, power consumption, network performance, and regulatory compliance. Additionally, the presence of malicious cryptomining on a network can point to security holes that could also be exploited by other attackers.

Email Extortion

Perhaps most nefarious, threat actors have recently taken to using email to distribute a variety of extortion-based attacks. In one type, sextortion, attackers claim to have evidence (such as a sexually explicit video of the target), and demand money in return for not distributing it.

Despite the empty threats and lack of actual evidence, victims have been tricked into sending these extortionists large sums of Bitcoin. Even more insidious, attackers have also gone so far as to use extortion threats to distribute fake bomb scares, i.e., “we have placed a bomb in your office building, but if you pay us, we will not detonate it.”

Developing a Multi-Layered Email Security Defense

Besides all largely stemming from email, the above attacks have another thing in common: there is no single technology that can stop them. As with all types of security today, protecting against email-based threats requires a layered approach. Cisco Email Security gateways include several layers of defenses for inbound and outbound mail. They protect against threats in email text, links, and attachments with technologies such as:

  • Antispam
  • Antivirus
  • Encryption
  • URL analysis
  • Sender reputation
  • Data Loss Prevention (DLP)
  • Advanced authentication

Cisco offers additional cloud security services including:

  • Advanced Phishing Protection – Uses machine learning to protect against deception-based threats. The technology learns identities and behavioral relationships to become intelligent and prevent costly breaches. It can also automatically remove malicious emails from users’ inboxes to combat wire fraud or other advanced attacks.
Cisco Advanced Phishing Protection
Cisco Advanced Phishing Protection
  • Cisco Domain Protection – Protects your outbound communications so your organization does not inadvertently become the attacker. Using the DMARC standard as the most effective method, Cisco Domain Protection provides visibility to identify and eliminate sources of illegitimate email. It can prevent phishing and other malicious emails from being sent using your domain.
  • Advanced Malware Protection (AMP) – Malware protection is a critical component for thwarting email-based attacks. Cisco AMP for Email Security analyzes emails for threats such as zero-day exploits hidden in malicious attachments. Once a file crosses the email gateway, AMP continues to watch, analyze, and record its activity. If malicious behavior is spotted later, AMP sends you a retrospective alert so that you can contain and remediate the malware. This continuous monitoring and visibility reduces time to detection, as well as the impact of attacks.
  • Multi-Factor Authentication – Duo Security, now a part of Cisco, verifies user identities, provides visibility into every device, and enforces adaptive policies to secure access to all applications. This helps protect individuals’ credentials from being stolen and shared via phishing attacks, reducing the risk of a data breach.
  • Cisco Threat Response By providing automated integration across several Cisco security products, including Email Security, Cisco Threat Response (CTR) serves as a foundation for fast, efficient incident investigation and response. It aggregates threat intelligence from Cisco and third-party technologies, as well as Cisco Talos, into a single interface to dramatically streamline security.
Cisco Threat Response
Cisco Threat Response

Cisco Email Security can be delivered via an appliance, virtual, cloud, or hybrid model to adapt to your organization’s needs. It can also help secure organizations moving to cloud-based email platforms like Microsoft Office 365 and Google’s G Suite.

Less Menace, More Miracle

Predictions show that email will continue to be a necessity in the foreseeable future. Our goal at Cisco is to help make it less nefarious, and less of a nuisance, to restore its reputation as one of the most game-changing innovations of the 20th century.

To learn more about comprehensive email security practices, go to cisco.com/go/emailsecurity.


Bobby Guhasarkar

Senior Director of Product Marketing

Security Business Group