Security News > 2021 > March > Report: Quality, not quantity, is the hallmark of the latest waves of phishing attacks
Cybercriminals have changed tactics since COVID-19, with surgically precise social engineering attacks targeting business apps replacing batch-and-blast phishing.
A survey of IT professionals and leaders from email security firm GreatHorn finds big changes afoot in the world of email-targeting cyberattacks: The daily quantity of attacks has decreased, but those that remain are more precise and easier to miss.
To make matters worse, the majority of phishing attacks now come in the form of impersonation-related attacks focused on breaching business applications like Zoom, Microsoft Office, DocuSign and other collaboration tools that have become fundamental for businesses during the COVID-19 pandemic.
It's also worth noting that, while daily phishing attacks have decreased from 76% to 53% over from 2020 to 2021, the number of attacks occurring weekly and monthly has increased.
GreatHorn concludes that this shift indicates a shift toward attack sophistication, which in turn leads to another troubling statistic: The percentage of phishing attacks being missed is held steady over the past year at 39%. "The quantity of phish being experienced by organizations may have dropped daily, but the impact of those campaigns that bypass traditional email security is increasing," the report said.
Remediation of phishing attacks is also becoming a greater problem, respondents said, with many having to spend time resetting or suspending compromised accounts and applications, manually combing their environments for indicators of lateral attacker movement and running remediation PowerShell scripts.
News URL
Related news
- How Phishing Attacks Adapt Quickly to Capitalize on Current Events (source)
- DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals (source)
- Google raps Iran's APT42 for raining down spear-phishing attacks (source)
- Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks (source)
- Cybercriminals exploit file sharing services to advance phishing attacks (source)
- CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait (source)
- How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back (source)
- Novel attack on Windows spotted in phishing campaign run from and targeting China (source)
- Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks (source)
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)