Average Organization Targeted by Over 700 Social Engineering Attacks Each Year: Report

A new report from cybersecurity firm Barracuda has revealed that IT staff and CEOs continue to face a barrage of phishing attacks throughout the year.

Barracuda analysts examined more than 12 million spear phishing and social engineering attacks affecting more than 3 million mailboxes in more than 17,000 organizations between May 2020 and June 2021.

The report “Spear Phishing: Top Threats and Trends Vol. 6 – Insights” found that 43% of phishing attacks masquerade as Microsoft and that the average business is the target of over 700 social engineering attacks each year.

Almost 80% of BEC attacks target employees outside of finance and executive roles, with the average CEO receiving 57 targeted phishing attacks annually and IT staff receiving an average of 40 targeted phishing attacks annually.

Cryptocurrency-related attacks also increased by 192% between October 2020 and April 2021, and the researchers noted that the number of attacks increased alongside the general price of various cryptocurrencies.

Almost 50% of all social engineering threats the company has seen in the past year have been phishing spoofing attacks, and nearly all of them have included a malicious URL.

“While phishing emails aren’t new, hackers have started to deploy ingenious ways to evade detection and send their malicious payloads to users’ inboxes. They shorten URLs, use lots of redirects, and host malicious links on document sharing sites, all to avoid being blocked by email analysis technologies,” the report said.

“Phishing identity theft attacks have also been trending on the rise. These attacks accounted for 46% of all social engineering attacks we detected in June 2020 and rose to 56% by the end of May 2021.”

Business email compromise attacks accounted for only 10% of attacks observed by Barracuda analysts, but cost companies in education, healthcare, commerce and travel millions.

Hackers also continue to use many of the same tactics, including the use of brands for phishing impersonation attacks.

Microsoft, WeTransfer and DHL are the top three brands used in identity theft attacks since 2019. Due to the pervasiveness of the business, Microsoft has been used in 43% of phishing attacks in the last 12 months.

Often, cybercriminals will “send fake security alerts or account update information to trick their victims into clicking a phishing link.” The same goes for WeTransfer, which has grown from 9% of all phishing attacks to 18% by 2021.

The rest of the top ten emulated brands include Google, DocuSign, and Facebook.

Don MacLennan, senior vice president of email protection at Barracuda, said cybercriminals are now targeting employees outside of finance and executive teams, looking for weak links in organizations.

“Targeting lower level employees gives them a way to step through the door and then progress to higher value goals,” said MacLennan. “That’s why it’s important to make sure you have protection and training for all employees, not just focusing on those you think are most likely to be attacked.”


James F. So