Starting on February 27th, Avanan has noticed an 8x increase in email-borne attacks originating from Russia.

 

Most of the attacks are credential harvesting attempts that aim to take over the recipient’s email account. The method used to induce users to hand over credentials is not new, but the number of attacks is increasing dramatically.

Among our customers, we’ve noticed the top industries hit have been manufacturing and international shipping and transportation. Companies from both the US and Europe have been targeted. 

If you are an Avanan customer in Protect (Inline) mode, these attacks are blocked and users will not see them in their inbox. If you are in Monitor Mode, we recommend that you move to Protect (Inline) mode. Regardless, given the uncertainty surrounding the crisis and our assumption that these attacks may carry the sophistication only seen from state-sponsored actors, we recommend that all customers share an advisory with their end-users to refresh IT Security best practices. With this specific attack, we also recommend rolling out multi-factor authentication to cloud services, and to Microsoft 365 in particular.

Avanan’s Security Analysts will continue to put extra focus on new email attack methods and attacks that may originate from Russia.
