The average CEO receives 57 phishing emails a year, but other executives and non-executives, such as sales and IT employees, are getting hit just as hard. This is according to new research of the security firm Barracuda Networks, which analyzed more than 12 million email attacks that affected more than three million mailboxes in approximately 17,000 organizations.
“It affirms our view that these attackers are becoming more patient than before and are willing to spend time building trust and socially engineering their way to target more valuable assets eventually,” Fleming Shi, Barracuda CTO, told VentureBeat.
Sales employees are attractive targets because they frequently interact with people outside their organizations, Shi said. They are the target in 20% of business email compromise (BEC) attacks, and malicious actors often manipulate sales orders, quotes, and other business emails. IT personnel are also a common target, because their access to the IT infrastructure is extremely valuable to attackers who want to establish persistence in the network and plan lateral movement. They receive more than 40 phishing attempts a year on average, according to the research. Overall, Barracuda found that an average organization is targeted by more than 700 social engineering attacks a year, 49% of which are phishing attacks specifically.
Who are the attackers posing as?
Beyond who is being targeted, Barracuda also looked at what those phishing emails look like, specifically which brands they impersonate. The research shows that Microsoft is the most imitated brand, with 43% of attackers posing as the company. This has been the case since 2018, according to security company Vade. In the first six months of 2021 alone, Vade found 12,777 Microsoft phishing URLs. The company also recently discovered that attackers had hijacked one of Microsoft’s anti-phishing features to launch more sophisticated phishing attacks.
“It’s quite telling that Microsoft continues to be imitated more than any other brand,” Shi said. “Not just because Microsoft is a trusted name, [but] also because they are the identity provider that most organizations use.”
According to Barracuda, WeTransfer and DHL are the next most impersonated brands and, along with Microsoft, have been in the top three since 2019. WeTransfer impersonation in particular has doubled, from 9% of phishing attacks in 2019 to 18% this year. The company also found attackers posing as Google, eFax, DocuSign, USPS, Dropbox, Xerox, and Facebook.
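As an added example (not code from the Barracuda or Vade research, nor VentureBeat's own), here is the check a mail-security engineer would want after reading these brand-impersonation figures: a small Python detector that flags a message when its From display name, its sender domain, or a link hostname name-drops one of the brands above while the actual registered domain is not one the brand uses. The brand-to-domain map and the three sample messages are constructed for illustration; the allowlist is deliberately tiny, and a real deployment would source it from each brand's published sending domains and use a public-suffix library rather than the two-label domain split used here.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed allowlist for illustration: brands the article names as the most
# impersonated, mapped to domains they legitimately send from. Incomplete on
# purpose; a production list would be curated from each brand's own records.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "microsoftonline.com"},
    "wetransfer": {"wetransfer.com"},
    "dhl": {"dhl.com", "dhl.de"},
}

# Captures the host part of http(s) URLs found in a message body.
URL_RE = re.compile(r"https?://([^/\s\"'<>]+)", re.IGNORECASE)


def registered_domain(host: str) -> str:
    """Crude eTLD+1: the last two labels of the hostname (port stripped).
    Sufficient for this example; use tldextract/publicsuffix2 for real mail."""
    host = host.lower().rstrip(".").split(":")[0]
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def brands_mentioned(text: str) -> list:
    """Brands whose name appears as a substring of the text (case-insensitive)."""
    low = text.lower()
    return [brand for brand in BRAND_DOMAINS if brand in low]


def impersonation_findings(raw_message: str) -> list:
    """Return human-readable findings for a raw RFC 5322 message, or [] if
    nothing name-drops a brand from a domain that brand does not own."""
    msg = message_from_string(raw_message)
    display_name, addr = parseaddr(msg.get("From", ""))
    sender_domain = registered_domain(addr.split("@")[-1]) if "@" in addr else ""
    findings = []

    # 1. Display-name spoofing: "Microsoft Account Team" <x@unrelated.example>
    for brand in brands_mentioned(display_name):
        if sender_domain not in BRAND_DOMAINS[brand]:
            findings.append(
                f"display name claims {brand} but sender domain is "
                f"{sender_domain or 'missing'}"
            )

    # 2. Lookalike sender domain: noreply@dhl-parcel-tracking.example
    for brand in BRAND_DOMAINS:
        if brand in sender_domain and sender_domain not in BRAND_DOMAINS[brand]:
            findings.append(
                f"sender domain {sender_domain} looks like {brand} "
                f"but is not an allowed domain"
            )

    # 3. Links whose hostname name-drops a brand that does not own the domain.
    payload = msg.get_payload(decode=True) or b""
    body = payload.decode(msg.get_content_charset() or "utf-8", "replace")
    for host in URL_RE.findall(body):
        dom = registered_domain(host)
        for brand in brands_mentioned(host):
            if dom not in BRAND_DOMAINS[brand]:
                findings.append(
                    f"link host {host.lower()} name-drops {brand} but resolves to {dom}"
                )
    return findings


# Constructed sample messages (not real phishing samples).
PHISH_MESSAGE = """From: "Microsoft Account Team" <security-alert@mail-notify.example>
To: victim@corp.example
Subject: Unusual sign-in activity

Your account was accessed from a new device. Review it here:
https://login.microsoft-verify.example/reset?u=victim
"""

LOOKALIKE_MESSAGE = """From: "DHL Express" <noreply@dhl-parcel-tracking.example>
To: victim@corp.example
Subject: Your parcel is on hold

Pay the customs fee to release your parcel.
"""

LEGIT_MESSAGE = """From: "Microsoft account team" <account-security-noreply@accountprotection.microsoft.com>
To: victim@corp.example
Subject: Security info was added

https://account.microsoft.com/security
"""

if __name__ == "__main__":
    for name, raw in [("phish", PHISH_MESSAGE), ("lookalike", LOOKALIKE_MESSAGE),
                      ("legit", LEGIT_MESSAGE)]:
        print(name, impersonation_findings(raw))
```

Two caveats a practitioner would add: substring matching on brand names is noisy (any word containing "dhl" would trip it), so a real rule would tokenize and weight by where the match occurs; and DMARC alignment only checks the RFC 5322 From domain against SPF/DKIM, so it does nothing against display-name spoofing or lookalike link hosts, which is exactly the gap this check covers.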
Phishing attacks on the rise
If it seems like phishing attacks are everywhere, that’s because they are. In the aforementioned report, Vade also revealed a big jump in phishing attacks since the beginning of the year, with a 281% increase in May and another 284% increase in June. Shi said these types of attacks are “unfortunately very effective” and are on the rise because they are used to steal credentials.
These numbers are consistent with other recent research by Ivanti, an IT asset monitoring, management and security platform provider, which surveyed organizations about recent attacks. According to that report, 80% of respondents said they had seen an increase in the number of phishing attempts directed at their organizations, and 74% said their organizations had been the victims of a phishing attack in the last year. Nearly 75% of those surveyed said IT staff were the target.
Both reports, as well as many others, show not only that the attacks are occurring more frequently, but also that they are becoming more sophisticated. Thomas Briend, the Vade engineer who discovered the Microsoft 365 tactic, said it is “the first time in terms of API abuse,” as far as he knows. Shi also specifically called out the new links between cryptocurrencies and spear phishing, meaning phishing attacks targeting specific individuals or organizations. While Bitcoin has long been used to collect ransom payments, attackers have increasingly masqueraded as digital wallets and other related applications to steal cryptocurrency outright. The report notes that this has been going on for the past eight months, coinciding with the recent surge in the value of Bitcoin.
In general, Shi believes that we are entering a phase that he calls the “post-breach era”, in which we have to accept that a large part of our data and credentials has already been stolen.
“We must have visibility, detection and response capabilities to ensure that criminals are stopped,” he said. “I want to be clear, this is not an easy task given the complexity of the attacks.”