Cybercriminals learn fast, exploiting every new event or loophole to harm their victims. Their response to the Covid-19 pandemic proved it too well, said Murali Urs, country manager (India), Barracuda Networks.
The cloud computing and data security firm has released a new report with key findings about the ways cybercriminals are adapting quickly to current events and new tactics. The latest report, titled Spear Phishing: Top Threats and Trends, reveals new details about these highly targeted threats, including the latest tactics used by cybercriminals and the steps you can take to defend your business.
The report takes an in-depth look at how attackers are adapting to current events and using new tricks to successfully execute attacks—spear phishing, business email compromise, pandemic-related scams, and other types.
As per the report,
- Business email compromise (BEC) makes up 12% of the spear-phishing attacks analysed, an increase from just 7% in 2019;
- 72% of Covid-19-related attacks are scamming. In comparison, 36% of overall attacks are scamming. Attackers prefer to use Covid-19 in their less targeted scamming attacks that focus on fake cures and donations;
- 13% of all spear-phishing attacks come from internally compromised accounts, so organisations need to invest in protecting their internal email traffic as much as they do in protecting from external senders;
- 71% of spear-phishing attacks include malicious URLs, but only 30% of BEC attacks included a link. Hackers using BEC want to establish trust with their victims and expect a reply to their email, and the lack of a URL makes it harder to detect the attack.
“As organisations in India today are facing increasing threats from highly targeted phishing attacks, staying aware of the way spear-phishing tactics are evolving will help them take the proper precautions to protect their business and users,” says the Barracuda India country manager. “Enterprises must invest in technology to block attacks and provide training to help people act as a last line of defense and avoid falling victim to the latest tricks of these scammers.”
The report also analyses why organisations need to invest in protection against lateral phishing and other internally-launched attacks from compromised accounts, including solutions that use Artificial Intelligence and machine learning.