A report from Barracuda Networks also identifies attack risks associated with various roles throughout an organization, ranging from CEOs and IT departments to employees in sales.
In recent months, a string of high-profile cyberattacks on critical aspects of the U.S. infrastructure has brought conversations surrounding cybersecurity front and center for companies around the globe. On Wednesday, Barracuda Networks published a report entitled “Spear Phishing: Top Threats and Trends” highlighting the latest security trends and tactics cybercriminals are deploying.
“Whether it is taking advantage of the excitement around cryptocurrency, stealing credentials to start a ransomware attack, or tailoring attacks to less suspicious targets in low-profile roles, cybercriminals are constantly adapting their tactics and making their attacks more sophisticated,” per the report.
Attack risk by role
Overall, the average organization will face more than 700 social engineering cyberattacks annually, and 10% of the targeted attacks are business email compromises (BEC), according to the report. Among social engineering attacks analyzed by Barracuda researchers, phishing represented 49%, followed by scamming (39%), BEC (10%) and extortion (2%).
A portion of the report identifies attack risks associated with various roles throughout an organization, ranging from CEOs and IT departments to employees in sales. On average, IT professionals receive 40 targeted phishing attacks annually and this number jumps to 57 for CEOs. Overall, 19% of BEC attacks focus on workers in sales positions and 77% target professionals “outside of finance and executive roles,” per the report.
“Because of the nature of their role, sales reps are used to getting external messages from senders they haven’t communicated with before. At the same time, they’re all connected with payments and with other departments including finance. For hackers, these individuals could be a perfect entry point to get into an organization and launch other attacks,” the report said.
Brands and “phishing impersonation”
Overall, the brands most often used in the impersonation attacks include Microsoft, WeTransfer, and DHL, with the report noting that the top three have “stayed consistent since 2019.” Over the past 12 months, Microsoft was impersonated in nearly half (43%) of phishing attacks, down from 56% in 2019, according to Barracuda data. The switch to remote work as well as increased e-commerce and deliveries during the coronavirus pandemic could play a role in these preferred brand impersonation tactics.
“With 79% of organizations using Office 365 and many more looking at migrating in the near future, it isn’t surprising that Microsoft brands remain a top target for cybercriminals,” the report said.
In order, WeTransfer (18%), DHL (8%), Google (8%), eFax (7%) and DocuSign (5%) round out Barracuda’s top six impersonated brands.
“Around 12% of attacks used either DHL or USPS branding to offer fake updates on shipments and deliveries. Hackers have been capitalizing on the fact that so many people were stuck at home over the past 12 months and getting more deliveries,” the report said.
Over the past 12 months, cryptocurrencies have made headlines for myriad reasons ranging from carbon footprint concerns to pricing volatility. Cybercriminals appear to be riding the wave of crypto fanfare and using digital currencies as bait in recent attacks. From October 2020 to April, “cryptocurrency-related impersonation attacks” spiked 192%, according to the Barracuda report.
“Hackers impersonated digital wallets and other cryptocurrency-related apps with fraudulent security alerts to steal log-in credentials. In the past, attackers impersonated financial institutions targeting your banking credentials. Today they’re using the same tactics to steal valuable bitcoins,” the report said.
From May 2020 through June 2021, the report said the Barracuda research team looked at “more than 12 million spear phishing and social engineering attacks impacting more than 3 million mailboxes” across 17,000 organizations.