Security News > 2021 > March > Report: Quality, not quantity, is the hallmark of the latest waves of phishing attacks

Cybercriminals have changed tactics since COVID-19, with surgically precise social engineering attacks targeting business apps replacing batch-and-blast phishing.

A survey of IT professionals and leaders from email security firm GreatHorn finds big changes afoot in the world of email-targeting cyberattacks: The daily quantity of attacks has decreased, but those that remain are more precise and easier to miss.

To make matters worse, the majority of phishing attacks now come in the form of impersonation-related attacks focused on breaching business applications like Zoom, Microsoft Office, DocuSign and other collaboration tools that have become fundamental for businesses during the COVID-19 pandemic.

It's also worth noting that, while daily phishing attacks have decreased from 76% to 53% over from 2020 to 2021, the number of attacks occurring weekly and monthly has increased.

GreatHorn concludes that this shift indicates a shift toward attack sophistication, which in turn leads to another troubling statistic: The percentage of phishing attacks being missed is held steady over the past year at 39%. "The quantity of phish being experienced by organizations may have dropped daily, but the impact of those campaigns that bypass traditional email security is increasing," the report said.

Remediation of phishing attacks is also becoming a greater problem, respondents said, with many having to spend time resetting or suspending compromised accounts and applications, manually combing their environments for indicators of lateral attacker movement and running remediation PowerShell scripts.

News URL

https://www.techrepublic.com/article/report-quality-not-quantity-is-the-hallmark-of-the-latest-waves-of-phishing-attacks/#ftag=RSS56d97e7