The evolution of spear phishing and who criminals are targeting

3 years ago 424

A study from Barracuda Networks besides identifies onslaught risks associated with assorted roles passim a institution ranging from CEOs and IT departments to employees successful sales.

work.jpg

Image: GettyIMages/South_agency

In caller months, a drawstring of high-profile cyberattacks connected critical aspects of the U.S. infrastructure has brought conversations surrounding cybersecurity beforehand and halfway for companies astir the globe. On Wednesday, Barracuda Networks published a study entitled "Spear Phishing: Top Threats and Trends'' highlighting the latest information trends and tactics cybercriminals are deploying.

"Whether it's taking vantage of the buzz astir cryptocurrency, stealing credentials to commencement a ransomware attack, oregon tailoring attacks to little suspicious targets successful debased illustration roles, cybercriminals are perpetually adapting their tactics and making their attacks much sophisticated," per the report.

SEE: Security incidental effect policy (TechRepublic Premium)

Attack hazard by relation

Overall, the mean enactment volition look much than 700 societal engineering cyberattacks annually, and 10% of the targeted attacks are concern email compromises (BEC), according to the report. Among societal engineering attacks analyzed by Barracuda researchers, phishing represented 49%, followed by scamming (39%), BEC (10%) and extortion (2%).

A information of the study identifies onslaught risks associated with assorted roles passim a institution ranging from CEOs and IT departments to employees successful sales. On average, IT professionals person 40 targeted phishing attacks annually and this fig jumps to 57 for CEOs. Overall, 19% of BEC attacks absorption connected workers successful income positions and 77% people professionals "outside of concern and enforcement roles," per the report.

"Due to the quality of their role, income reps are utilized to getting outer messages from senders they haven't communicated with before. At the aforesaid time, they are each connected with payments and with different departments including finance. For hackers, these individuals could beryllium a cleanable introduction constituent to get into an enactment and motorboat different attacks," the study said.

Brands and "phishing impersonation"

Overall the brands astir often utilized successful the impersonation attacks see Microsoft, WeTransfer, and DHL, with the study noting that the apical 3 person "stayed accordant since 2019." Over the past year, Microsoft was impersonated successful astir fractional (43%) of phishing attacks, down from 56% successful 2019, according to Barracuda data. The power to distant enactment arsenic good arsenic accrued e-commerce and deliveries during the coronavirus pandemic could play a relation successful these preferred marque impersonation tactics.

"With 79% of organizations utilizing Office 365 and galore much looking astatine migrating successful the contiguous future, it's not astonishing that Microsoft brands stay a apical people for cybercriminals," the study said.

In order, WeTransfer (18%), DHL (8%), Google (8%), eFax (7%) and DocuSign (5%) circular retired Barracuda's apical six impersonated brands.

"Around 12% of attacks utilized either DHL oregon USPS branding to supply fake updates connected shipments and deliveries. Hackers person been capitalizing connected the information that truthful galore radical person been stuck astatine location implicit the past twelvemonth and getting much deliveries," the study said.

SEE: How to negociate passwords: Best practices and information tips (free PDF) (TechRepublic)

Over the past year, cryptocurrencies person made headlines for myriad reasons ranging from c footprint concerns to pricing volatility. Interestingly, cybercriminals look to beryllium riding the question of crypto fanfare and utilizing integer currencies arsenic bait successful caller attacks. From October 2020 to April, "cryptocurrency-related impersonation attacks" spiked 192%, according to the Barracuda report.

"Hackers impersonated integer wallets and different cryptocurrency-related apps with fraudulent information alerts to bargain log-in credentials. In the past, attackers impersonated fiscal institutions targeting your banking credentials. Today they are utilizing the aforesaid tactics to bargain invaluable bitcoins," the study said.

Methodology

From May 2020 done June 2021, the study said the Barracuda researcher squad looked astatine "more than 12 cardinal spear phishing and societal engineering attacks impacting much than 3 cardinal mailboxes" crossed 17,000 organizations.

Executive Briefing Newsletter

Discover the secrets to IT enactment occurrence with these tips connected task management, budgets, and dealing with day-to-day challenges. Delivered Tuesdays and Thursdays

Sign up today

Also spot

Read Entire Article