Security News > 2021 > March > Report: Quality, not quantity, is the hallmark of the latest waves of phishing attacks

Cybercriminals have changed tactics since COVID-19, with surgically precise social engineering attacks targeting business apps replacing batch-and-blast phishing.
A survey of IT professionals and leaders from email security firm GreatHorn finds big changes afoot in the world of email-targeting cyberattacks: The daily quantity of attacks has decreased, but those that remain are more precise and easier to miss.
To make matters worse, the majority of phishing attacks now come in the form of impersonation-related attacks focused on breaching business applications like Zoom, Microsoft Office, DocuSign and other collaboration tools that have become fundamental for businesses during the COVID-19 pandemic.
It's also worth noting that, while daily phishing attacks have decreased from 76% to 53% over from 2020 to 2021, the number of attacks occurring weekly and monthly has increased.
GreatHorn concludes that this shift indicates a shift toward attack sophistication, which in turn leads to another troubling statistic: The percentage of phishing attacks being missed is held steady over the past year at 39%. "The quantity of phish being experienced by organizations may have dropped daily, but the impact of those campaigns that bypass traditional email security is increasing," the report said.
Remediation of phishing attacks is also becoming a greater problem, respondents said, with many having to spend time resetting or suspending compromised accounts and applications, manually combing their environments for indicators of lateral attacker movement and running remediation PowerShell scripts.
News URL
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- London celebrity talent agency reports itself to ICO following Rhysida attack claims (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- CrowdStrike Security Report: Generative AI Powers Social Engineering Attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)