New study shows sharp increase in the number of successful cyber attacks.
Proofpoint, a leader in cybersecurity and compliance, today released the ninth edition of its annual State of the Phish report, which maps cybercriminals’ use of both new and proven tactics in their attacks.
This year’s version shows how the threat landscape for companies has changed: They are exposed more often than before to ransomware attacks, BEC-related attacks (Business Email Compromise) and phishing attacks.
The study is based on more than 18 million emails reported by end users, as well as 135 million simulated phishing attacks sent over a period of one year. The report also includes a survey of the attitudes of 7,500 employees and 1,050 security experts in 15 countries.
84 percent of surveyed organizations that reported experiencing an email-based phishing attack experienced at least one successful attack during 2022, with 30 percent experiencing direct financial loss.
Threat actors still use well-established tactics such as impersonating an established brand, compromising company emails (Business Email Compromise, BEC) and ransomware, but during the year they also expanded the use of innovative and less established methods to infiltrate organizations.
– Although they are still very successful with traditional phishing, many threat actors have now switched to new techniques, e.g. phone-based attacks and AitM-phishing (Adversary-in-the-Middle), which bypasses multi-factor authentication using intermediaries. These techniques have been used in targeted attacks for several years, but in 2022 we have seen them being used on a large scale, says Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint.
– We have also seen a significant increase in the number of advanced phishing campaigns, where the threat actors pretend to be several different people and have longer conversations with their chosen targets. Many cybercriminals – both nation-state-linked groups and BEC actors – are willing to devote the time and resources necessary to carry out longer-term attacks.
Cyber extortion continues to cause problems
Ransomware attack statistics show that 76 percent of all organizations have experienced attempted ransomware attacks, that 64 percent of attacks were successful, and that only half gained access to their files after making the initial payment. It is also worth noting that approximately two-thirds of organizations report that they have experienced multiple separate instances of ransomware intrusion.
Most infected organizations chose to pay the ransom, and many did so more than once. Of the organizations hit by ransomware, 90 percent were covered by cyber insurance that covered ransomware attacks, and most insurance companies (82 percent) were willing to pay the ransom either in full or in part. This also explains the widespread tendency to pay: as many as 64 percent of infected organizations paid a ransom at least once, which is an increase of 6 percentage points since last year.

End users being fooled by fake emails from “Microsoft”
In 2022, Proofpoint observed nearly 1,600 campaigns involving some form of trademark abuse. Microsoft was the most abused trademark, with over 30 million phishing attempts and spam messages using the trademark or containing references to a product such as Office or OneDrive. The list of brands most frequently used by cybercriminals also includes Google, Amazon, DHL, Adobe and DocuSign.
It is worth noting that AitM attacks show the user the organization’s real login page, which in many cases is Microsoft 365.
Given the high number of brand-related attacks, it is concerning that almost half (44 percent) of employees indicate that they believe an email is secure when it contains a well-known brand, and 63 percent believe that an email address always corresponds to the brand’s actual website.
BEC attacks spread across national borders
On average, three-quarters of organizations reported experiencing attempted BEC attacks last year. English is the most widely used language, but some non-English-speaking countries are experiencing an increasing number of attacks in their local languages. Here are some examples of countries where the number of BEC attacks was higher than the global average or saw a noticeable increase compared to 2021:
- Netherlands 92 percent (not included in previous analysis)
- Sweden 92 percent (not included in previous analysis)
- Spain 90 percent compared to 77 percent (up 13 percentage points)
- Germany 86 percent compared to 75 percent (up 11 percentage points)
- France 80 percent compared to 75 percent (up 5 percentage points)
Insider threats
The trend towards more frequent job changes makes it harder and harder for organizations to protect their data: 65 percent of organizations report that they have experienced data loss due to insider activity. Among respondents who have changed jobs, nearly half (44 percent) admitted to taking data with them when they left their previous workplace.
Room for improvement
The cybercriminal groups still have a distinct ability to be innovative and a strong will to test new technologies and methods to make their attacks succeed. At the same time, this year’s State of the Phish report shows the same discouraging pattern as previous years when it comes to employees’ security awareness. For example, more than a third of respondents are unable to define basic terms such as “malware”, “phishing” and “ransomware”.
In addition, only 56 percent of organizations have developed a training program to increase security awareness across the workforce, and only 35 percent conduct actual phishing attack simulations, both of which are important components of building an effective training program.
– Today, education in particular plays a big role. Lack of knowledge and mistakes are often a direct result of companies not working effectively enough to train employees in cyber security. It’s about creating good routines so that all employees are aware of how to report suspicious activity and how to act if something goes wrong, says Annika Westlund, Nordic manager at Proofpoint.
– With businesses increasingly exposed to cyber threats and these attacks relying on human interaction to succeed – for example, someone clicking on a link or opening an attachment – it is worrying that so few have well-functioning routines for training. It’s downright amazing.
Source: IT-Kanalen by it-kanalen.dk.