Average organization targeted by over 700 social engineering attacks annually: report

A new report from cybersecurity firm Barracuda has found that IT staffers and CEOs continue to face a barrage of phishing attacks all year long.

Barracuda analysts examined more than 12 million spear phishing and social engineering attacks impacting more than 3 million mailboxes at over 17,000 organizations between May 2020 and June 2021.

The “Spear Phishing: Top Threats and Trends Vol. 6 — Insights” report found that 43% of phishing attacks impersonate Microsoft and the average organization is targeted by over 700 social engineering attacks annually.

Nearly 80% of BEC attacks target employees outside of financial and executive roles, with the typical CEO receiving 57 targeted phishing attacks annually and IT staffers getting a median of 40 targeted phishing attacks yearly.

Cryptocurrency-related attacks also grew 192% between October 2020 and April 2021, and the researchers noted that the number of attacks rose alongside the general value of various cryptocurrencies.

Nearly 50% of all socially engineered threats the company saw over the past year were phishing impersonation attacks, and nearly all included a malicious URL.

“Though phishing emails are nothing new, hackers have begun to deploy ingenious methods to avoid detection and deliver their malicious payloads to users’ inboxes. They shorten URLs, use numerous redirects, and host malicious links on document sharing sites, all to avoid being blocked by email scanning technologies,” the report said.

“Phishing impersonation attacks have also been trending upwards. These attacks made up 46% of all social engineering attacks we detected in June 2020 and grew to 56% by the end of May 2021.”

Business email compromise attacks only made up 10% of the attacks Barracuda analysts saw but have cost companies in the education, healthcare, industrial, and travel sectors tens of millions.

Hackers are also continuing to use many of the same tactics, including using brands for phishing impersonation attacks.

Microsoft, WeTransfer, and DHL are the top three brands used in impersonation attacks going back to 2019. Because of the company’s ubiquity, Microsoft was used in 43% of phishing attacks in the past 12 months.

Often cybercriminals will “send fake security alerts or account update info to get their victims to click on a phishing link.” The same goes for WeTransfer, which went from 9% of all phishing attacks to 18% by 2021.

The rest of the top ten impersonated brands includes Google, DocuSign, and Facebook.

Don MacLennan, senior vice president of Email Safety at Barracuda, said cybercriminals are now targeting employees outside the finance and executive teams, looking for weak links in organizations.

“Targeting lower level employees gives them a way to get in the door and then work their way up to higher value targets,” MacLennan said. “That is why it is important to make sure you have safety and training for all employees, not just focus on the ones you think are the most likely to be attacked.”