Surge in targeted spear phishing as attackers look for weak link
There has been a dramatic increase in targeted malicious email attacks, according to a new report from Barracuda.
The report, Spear Phishing: Top Threats and Trends Vol. 6: Insights into attackers' evolving tactics and who they are targeting, provides fresh insights into recent trends in attacks and what can be done to improve protection against them.
The report examines current trends in spear phishing, which employees are being targeted the most by different attacks, and the new tricks attackers are using to sneak past victims' defences. It also tackles the best practices and technology that organisations should be using to defend against these types of attacks.
"Cybercriminals are getting sneakier about who they target with their attacks, often targeting employees outside the finance and executive teams, looking for a weak link in your organisation," says Don MacLennan, SVP, Engineering - Product Management, Email Protection, Barracuda.
"Targeting lower level employees offers them a way to get in the door and then work their way up to higher value targets," he says.
"That's why it is important to make sure you have protection and training for all employees, not just focus on the ones you think are the most likely to be attacked."
Evolving attack trends
Between May 2020 and June 2021, Barracuda researchers analysed more than 12 million spear phishing and social engineering attacks that had affected more than three million mailboxes at more than 17,000 organisations. Some of the key results include:
- 1 in 10 social engineering attacks involve business email compromise (BEC)
- There has been a noticeable shift from volumetric to targeted attacks
- 77% of BEC attacks target employees outside of financial and executive roles
- 1 in 5 BEC attacks target employees in sales roles
- IT staffers receive an average of 40 targeted phishing attacks in a year
- Phishing impersonation attacks made up 46% of all social engineering attacks in June 2020 and grew to 56% by May 2021.
- The research found that, while extortion attacks made up only 2% of the total during the past year, the number reported actually increased by 78% over the previous 12 months, and estimated losses were more than US$70 million.
Phishing impersonation, where a criminal pretends to be a legitimate brand, continues to be a popular tactic. During the 12 months covered by the research, Microsoft was used in 43% of phishing attacks. This was followed by WeTransfer (18%), DHL (8%) and Google (8%).
BEC attacks continue to target a variety of key roles within organisations. These include sales staff who experienced 19% of attacks, finance (13%), managers, directors and VPs (12%), and project managers (10%).
Recent rises in the values of major cryptocurrencies have led to this becoming a favoured angle for cybercriminals. Bitcoin increased in value by almost 400% between October 2020 and April 2021, and during the same period cyberattacks using impersonation techniques grew by 192%.
Crypto-related scam messages also tend to contain certain key terms, designed to instil a sense of urgency among intended victims. Common terms include "urgently today", "nearest bitcoin machine" and "day runs".
Best-practice protection techniques
With the threats posed by phishing attacks set to rise even further, organisations should be taking a range of protective measures. These include:
- Using artificial intelligence tools to spot suspicious attacks before they can be launched
- Training staff about the types of threats in circulation and what they need to do to avoid becoming a victim
- Reviewing internal policies and guidelines about how email messages are treated
- Deploying account takeover protection as many attacks originate from compromised accounts