Cybercriminals are continually refining their tactics and making their attacks harder to detect. Barracuda recently published its observations on the state of cybersecurity in 2022. In this in-depth analysis we explore the most recent developments in social engineering and the new methods attackers are using to deceive their victims.
Key Findings of the report
- Conversation hijacking grew almost 270% in 2021.
- 51% of social engineering attacks are phishing.
- Microsoft is the most impersonated brand, used in 57% of phishing attacks.
- 1 in 5 organizations had an account compromised in 2021.
- Cybercriminals compromised approximately 500,000 Microsoft 365 accounts in 2021.
- Cybercriminals sent out 3 million messages from 12,000 compromised accounts.
For years, security providers like us have concentrated on defending against email threats, and those defences have proved effective in stopping the majority of malicious or unwanted email. However, that strategy on its own is no longer sufficient.
Even though organizations can stop millions of attacks, email threats continue to succeed as they become more complex and more cunning. A fundamental shift is taking place as cybercriminals move from bulk to targeted attacks, from malware to social engineering, and from acting as lone hackers to building sophisticated criminal organizations that profit from operations starting with a single phishing email.
Attackers use a variety of techniques to persuade victims to hand over credentials that give the attackers access to the company’s network, to share sensitive information that can be sold or used in later attacks, or simply to send payments, gift cards, or money transfers.
The report notes that businesses face 13 different types of email threats today, ranging from high-volume attacks such as spam and malware to more targeted threats such as business email compromise and impersonation attacks that rely on social engineering.
Phishing impersonation attacks typically pose as emails from a well-known company or brand in order to trick victims into clicking a phishing link. These attacks account for 51% of all socially engineered threats we have encountered in the last 12 months, and they almost always include a malicious URL.
Although phishing emails are nothing new, attackers have begun using inventive methods to get past link-protection mechanisms and deliver their malicious payloads to victims’ inboxes. To avoid being stopped by email scanning systems, they shorten URLs, chain several redirects, and host malicious links on document-sharing sites.
Above All Else
If you see one of these warning notices or phishing emails, do not interact with it under any circumstances.
Attackers are increasingly using phishing as the first stage of ransomware attacks. They pose as well-known businesses to lure people to phishing sites and steal their login details. Once inside a company’s accounts, they can spread ransomware from within, reducing the odds of being discovered.
Conversation hijacking, also known as vendor impersonation, is a type of targeted email attack in which cybercriminals use information obtained from compromised email accounts or other sources to insert themselves into existing business conversations or start new ones.
Conversation hijacking frequently, though not always, follows an account takeover. Criminals use phishing to obtain login credentials and gain access to company accounts. They then spend time reading email and monitoring the compromised account to understand business operations and learn about ongoing negotiations, payment procedures, and other details. Using this data, which includes internal and external communications between employees, partners, and customers, they craft authentic-looking and convincing messages, send them from spoofed domains, and dupe victims into sending money or changing payment details.
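The spoofed-domain step is where a defender can get a foothold: the attacker's sending domain has to imitate a partner the business already corresponds with. The following is an added example, not code from the Barracuda report, of a lookalike-domain check a mail gateway or SOC script could apply to inbound mail. The trusted partner domains, the sample messages and the simplified two-label domain split are all constructed assumptions for the example.

```python
"""Lookalike-domain check for inbound vendor mail.

Added example, not code from the Barracuda report: flags senders whose
domain imitates a trusted partner domain, the spoof-domain pattern used in
conversation hijacking. Trusted domains and sample messages are constructed.
"""
from __future__ import annotations

# Substitutions attackers use to imitate a name; collapsed before comparing.
_HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}

# Constructed list of partners the business is currently corresponding with.
TRUSTED_DOMAINS = {"contoso-supply.com", "fabrikam.net"}


def normalize(label: str) -> str:
    """Lower-case, collapse homoglyphs and drop separators."""
    s = label.lower()
    for src, dst in _HOMOGLYPHS.items():
        s = s.replace(src, dst)
    return s.replace("-", "").replace("_", "")


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(domain: str) -> tuple[str, str]:
    """Naively take the last two labels as (registrable label, tld).
    Simplifying assumption for the example; production code should use
    the Public Suffix List."""
    parts = domain.split(".")
    return (parts[-2], parts[-1]) if len(parts) >= 2 else (parts[0], "")


def classify_sender(address: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike:<imitated domain>' or 'unrelated'."""
    domain = address.rsplit("@", 1)[-1].lower().strip(".")
    labels = domain.split(".")
    label, tld = split_domain(domain)
    for t in sorted(trusted):
        if domain == t or domain.endswith("." + t):
            return "trusted"  # the partner's own domain or a subdomain of it
    for t in sorted(trusted):
        t_labels = t.split(".")
        t_label, t_tld = split_domain(t)
        # Trusted name embedded as leading labels of an unrelated domain.
        embedded = any(labels[i:i + len(t_labels)] == t_labels
                       for i in range(len(labels) - len(t_labels) + 1))
        # Same name registered under a different TLD.
        tld_swap = label == t_label and tld != t_tld
        # Homoglyph substitution or a one- or two-character typo in the name.
        a, b = normalize(label), normalize(t_label)
        typo = a == b or levenshtein(a, b) <= (1 if len(b) < 8 else 2)
        if embedded or tld_swap or typo:
            return f"lookalike:{t}"
    return "unrelated"


def scan_messages(messages: list[dict]) -> list[tuple[str, str]]:
    """Return (sender, verdict) for every message not from a trusted domain."""
    findings = []
    for m in messages:
        verdict = classify_sender(m["from"])
        if verdict != "trusted":
            findings.append((m["from"], verdict))
    return findings


# Constructed sample: one real thread participant, three imitations, one unrelated.
SAMPLE_MESSAGES = [
    {"from": "ap@contoso-supply.com", "subject": "RE: PO 4471 invoice"},
    {"from": "ap@c0ntoso-supply.com", "subject": "RE: PO 4471 invoice - updated bank details"},
    {"from": "billing@contoso-supply.com.invoice-portal.net", "subject": "RE: PO 4471 invoice"},
    {"from": "ar@fabrikarn.net", "subject": "Payment remittance"},
    {"from": "newsletter@example.org", "subject": "Monthly update"},
]

if __name__ == "__main__":
    for sender, verdict in scan_messages(SAMPLE_MESSAGES):
        print(f"{verdict:32} {sender}")
```

The check deliberately treats an "unrelated" verdict as uninteresting and only escalates lookalikes, because a reply in an existing payment thread from a domain that is almost, but not quite, the partner's is the signature of this attack. In practice the trusted list would be drawn from the organization's vendor records rather than hard-coded, and a finding should trigger out-of-band confirmation with the partner before any payment detail is changed.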
Top brand impersonations
In the study of the top ten impersonated brands, Microsoft appeared in 57% of phishing attacks, up from 43% in July 2021. Over the last two years, attackers have taken advantage of the growing popularity of Microsoft’s cloud-based services and of remote working. To get victims to click the phishing link, cybercriminals send fake security alerts or account update notices. The goal is simple: steal login credentials in order to gain access to corporate networks, from which attackers can launch further phishing operations, including ransomware.
With 79% of organizations having migrated to Microsoft 365 and many more looking at doing so in the immediate future, it’s not surprising that Microsoft brands remain a top target for cybercriminals.
Best practices to protect against spear-phishing attacks
With all that said, good cyber hygiene is essential. Organizations today face growing threats from targeted phishing attacks. To protect your business and your users, you need to invest both in technology that blocks attacks and in training that helps people act as the last line of defence.
- Take advantage of artificial intelligence
- Deploy account-takeover protection
- Monitor inbox rules and suspicious logins
- Use multi-factor authentication
- Automate incident response
- Train staffers to recognize and report attacks
- Review internal policies
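"Monitor inbox rules and suspicious logins" is the one item on that list that can be turned into a concrete detection, because a compromised account is usually given a forwarding or auto-delete rule shortly after the attacker's first sign-in. The following is an added example, not part of the Barracuda report, of that detection run over a handful of constructed audit events. The JSON-lines record shape is a simplified assumption for the example, loosely modelled on Microsoft 365 unified audit log entries; the rule parameter names (`ForwardTo`, `DeleteMessage`, `MoveToFolder`, `SubjectOrBodyContainsWords`) are those of the Exchange Online inbox-rule cmdlets.

```python
"""Detect attacker-style inbox rules and anomalous sign-ins in mailbox audit events.

Added example, not part of the Barracuda report. The event records below are
constructed in a simplified JSON-lines shape (field names are assumptions for
the example) loosely modelled on Microsoft 365 unified audit log entries.
"""
from __future__ import annotations

import json
from collections import defaultdict
from datetime import datetime

INTERNAL_DOMAIN = "example-corp.com"  # constructed tenant domain
RISKY_KEYWORDS = {"invoice", "payment", "password", "wire", "bank"}
# Folders attackers use to hide mail the victim would otherwise notice.
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "archive", "junk email", "conversation history"}
CORRELATION_WINDOW_S = 3600  # rule created within an hour of an anomalous sign-in

# Constructed sample: a benign rule, a sign-in from a new country, then a malicious rule.
SAMPLE_EVENTS = """\
{"time":"2022-03-01T08:02:11Z","op":"UserLoggedIn","user":"a.lee@example-corp.com","ip":"198.51.100.10","country":"GB"}
{"time":"2022-03-01T08:05:40Z","op":"New-InboxRule","user":"a.lee@example-corp.com","params":{"Name":"Team news","SubjectContainsWords":["newsletter"],"MoveToFolder":"Reading"}}
{"time":"2022-03-01T23:41:02Z","op":"UserLoggedIn","user":"a.lee@example-corp.com","ip":"203.0.113.77","country":"NG"}
{"time":"2022-03-01T23:44:19Z","op":"New-InboxRule","user":"a.lee@example-corp.com","params":{"Name":".","SubjectOrBodyContainsWords":["invoice","payment"],"ForwardTo":["collect@mailbox-relay.example"],"DeleteMessage":true,"MoveToFolder":"RSS Feeds"}}
{"time":"2022-03-02T09:00:00Z","op":"UserLoggedIn","user":"b.kim@example-corp.com","ip":"198.51.100.22","country":"GB"}
"""


def rule_findings(event: dict) -> list[str]:
    """Return the reasons an inbox-rule event looks like attacker persistence."""
    p = event.get("params", {})
    reasons = []
    targets = p.get("ForwardTo", []) + p.get("ForwardAsAttachmentTo", []) + p.get("RedirectTo", [])
    external = [t for t in targets if not t.lower().endswith("@" + INTERNAL_DOMAIN)]
    if external:
        reasons.append("forwards to external address " + ", ".join(external))
    if p.get("DeleteMessage"):
        reasons.append("deletes matching mail")
    if str(p.get("MoveToFolder", "")).lower() in HIDING_FOLDERS:
        reasons.append(f"hides mail in '{p['MoveToFolder']}'")
    words = {w.lower() for key in ("SubjectContainsWords", "SubjectOrBodyContainsWords", "BodyContainsWords")
             for w in p.get(key, [])}
    if words & RISKY_KEYWORDS:
        reasons.append("filters on financial/credential keywords " + ", ".join(sorted(words & RISKY_KEYWORDS)))
    if not p.get("Name", "").strip(". "):
        reasons.append("rule name is blank or a single punctuation mark")
    return reasons


def analyze(lines: str) -> list[dict]:
    """Walk events in time order; alert on new-country sign-ins and risky rules,
    and note when a risky rule follows an anomalous sign-in for the same user."""
    events = sorted((json.loads(l) for l in lines.splitlines() if l.strip()), key=lambda e: e["time"])
    seen_countries: dict[str, set[str]] = defaultdict(set)  # per-user baseline
    last_anomalous_login: dict[str, datetime] = {}
    alerts = []
    for e in events:
        ts = datetime.strptime(e["time"], "%Y-%m-%dT%H:%M:%SZ")
        user = e["user"]
        if e["op"] == "UserLoggedIn":
            known = seen_countries[user]
            if known and e["country"] not in known:
                alerts.append({"user": user, "time": e["time"], "kind": "login",
                               "detail": f"sign-in from new country {e['country']} ({e['ip']}); "
                                         f"previously {sorted(known)}"})
                last_anomalous_login[user] = ts
            known.add(e["country"])
        elif e["op"] in ("New-InboxRule", "Set-InboxRule"):
            reasons = rule_findings(e)
            forwards = any(r.startswith("forwards") for r in reasons)
            # External forwarding alone is enough; otherwise require two indicators.
            if forwards or len(reasons) >= 2:
                detail = "; ".join(reasons)
                prior = last_anomalous_login.get(user)
                if prior and (ts - prior).total_seconds() <= CORRELATION_WINDOW_S:
                    minutes = int((ts - prior).total_seconds() // 60)
                    detail += f" (created {minutes} min after anomalous sign-in)"
                alerts.append({"user": user, "time": e["time"], "kind": "inbox_rule", "detail": detail})
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_EVENTS):
        print(f"{a['time']} {a['kind']:10} {a['user']}: {a['detail']}")
```

The correlation step is the part worth keeping even if the individual thresholds are tuned differently: a forwarding rule on its own is sometimes legitimate, and a sign-in from a new country is sometimes travel, but the two within minutes of each other on the same mailbox is the account-takeover pattern the report describes and should open an incident, with the rule removed and the session revoked as the first response actions.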
Not sure where to start with all of this, or re-evaluating your company’s cyber policies? We would be happy to walk you through your current practices and help you create an effective security plan. If you would like to download the full Barracuda research you can do so here, and for more of our cybersecurity coverage read our latest content.