Barracuda has released key findings about the ways spear-phishing attacks are evolving. The report, titled Spear Phishing: Top Threats and Trends Vol. 7 – Key findings on the latest social engineering tactics and the growing complexity of attacks, reveals fresh insights into recent trends in spear-phishing attacks and what you can do to protect your business.
The report examines current trends in spear phishing, which businesses are most likely to be targeted, the new tricks attackers are using to sneak past victims’ defenses, and the number of accounts that are being compromised successfully. It also tackles the best practices and technology that organisations should be using to defend against these types of attacks.
AN IN-DEPTH LOOK AT ATTACK TRENDS
Between January 2021 and December 2021, Barracuda researchers analysed millions of emails across thousands of businesses. Here are some of the key takeaways from their analysis:
- An average employee of a small business with fewer than 100 employees will experience 350% more social engineering attacks than an employee of a larger enterprise. 51% of social engineering attacks are phishing.
- Conversation hijacking, also known as vendor impersonation, is a type of targeted email attack in which cybercriminals insert themselves into existing business conversations or initiate new conversations based on information they’ve gathered from compromised email accounts or other sources. Conversation hijacking grew almost 270% in 2021.
- Microsoft is one of the most impersonated brands. Around 57% of phishing attacks impersonate one of Microsoft’s brands such as Microsoft 365, OneDrive, SharePoint, or others.
- Account takeover is one of the fastest growing threats. In 2021, roughly 1 in 5 organisations (20%) had at least one of their Microsoft 365 accounts compromised. This means that in 2021 hackers managed to compromise around 500,000 Microsoft 365 accounts around the globe. Without the right level of protection, account takeover can go undetected and cause real damage to the organisation, its business partners, and its customers.
- WeTransfer provides online file transfer services, allowing users to share large files that they may not be able to send directly through email. The brand was used in 17% of phishing attacks. The company is well aware of its brand being used in these types of attacks, and it warns its users to be vigilant. Organisations should include WeTransfer scams as part of their security awareness training. Other brands that made it into the top 10 included DocuSign, Google, DHL, USPS, and LinkedIn. Compromising any of these accounts will provide hackers with a wealth of personal information that they can exploit in further attacks.
- Hackers target high-value accounts for takeover. Accounts of CEOs and CFOs are almost twice as likely to be taken over compared to average employees. Once they have access, cybercriminals use these high-value accounts to gather intelligence or launch attacks within an organisation. Executive assistants are also a popular target as they often have access to executive accounts and calendars and usually can send messages out on behalf of executive teams.
- One in three fraudulent logins into compromised accounts came from Nigeria. Once they’re inside an account, hackers create forwarding rules or scripts to hide and delete any email that they send from the compromised inbox. Suspicious inbox rules are often one of the signs of an account takeover. A full 36% of organisations that had an account compromised had hackers set up malicious inbox rules to hide their activity. In fact, hackers on average created two rules for each compromised account. Our research of almost 12,000 compromised accounts showed that they were used to send over 3 million malicious messages and spam in 2021.
“Small businesses often have fewer resources and lack security expertise, which leaves them more vulnerable to spear-phishing attacks, and cybercriminals are taking advantage,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda. “That’s why it’s important for businesses of all sizes not to overlook investing in security, both technology and user education. The damage caused by a breach or a compromised account can be even more costly.”
BEST PRACTICES TO PROTECT AGAINST SPEAR-PHISHING ATTACKS
Organisations today face increasing threats from targeted phishing attacks. To protect businesses and users, enterprises need to invest in technology to block attacks, and in training to help people act as a last line of defence. Key solutions include:
- Take advantage of artificial intelligence. Scammers are adapting email tactics to bypass gateways and spam filters, so it’s critical to have a solution in place that detects and protects against spear-phishing attacks, including business email compromise, impersonation, and extortion attacks. Deploy purpose-built technology that doesn’t solely rely on looking for malicious links or attachments. Using machine learning to analyse normal communication patterns within your organisation allows the solution to spot anomalies that may indicate an attack.
- Deploy account-takeover protection. Many spear-phishing attacks originate from compromised accounts; be sure scammers aren’t using your organisation as a base camp to launch these attacks. Deploy technology that uses artificial intelligence to recognise when accounts have been compromised and that remediates in real time by alerting users and removing malicious emails sent from compromised accounts.
- Monitor inbox rules and suspicious logins. Use technology to identify suspicious activity, including logins from unusual locations and IP addresses, a potential sign of a compromised account. Be sure to also monitor email accounts for malicious inbox rules, as they are often used as part of account takeover. Criminals log into the account, create forwarding rules, and hide or delete any email they send from the account, to try to hide their tracks.
- Use multi-factor authentication. Multi-factor authentication, also called MFA, two-factor authentication, and two-step verification, provides an additional layer of security above and beyond username and password, such as an authentication code, thumbprint, or retinal scan.
- Implement DMARC authentication and reporting. Domain spoofing is one of the most common techniques used in impersonation attacks. DMARC authentication and enforcement can help stop domain spoofing and brand hijacking, while DMARC reporting and analysis helps organisations accurately set enforcement.
- Automate incident response. An automated incident response solution will help you quickly clean up any threats found in users’ inboxes, which will make remediation more efficient for all messages going forward.
- Train staffers to recognise and report attacks. Educate users about spear-phishing attacks by making them a part of security-awareness training. Ensure staffers can recognise these attacks, understand their fraudulent nature, and know how to report them. Use phishing simulation for emails, voicemail, and SMS to train users to identify cyberattacks, test the effectiveness of your training, and evaluate the users most vulnerable to attacks.
- Review internal policies. Help employees avoid making costly mistakes by creating guidelines that put procedures in place to confirm requests that come in by email, including making wire transfers and buying gift cards.
- Maximise data-loss prevention. Use the right combination of technologies and business policies to ensure emails with confidential, personally identifiable, and other sensitive information are blocked and never leave the company.
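The malicious inbox rules described in the attack-trends findings and in the "Monitor inbox rules" recommendation above can be screened for mechanically. The following is an added example, not code from Barracuda or the report: it scores exported inbox rules for external forwarding, deletion, moves into rarely read folders, and filters on payment or credential keywords, then groups hits by mailbox. Rule records are constructed here, with field names assumed to follow Exchange Online's Get-InboxRule properties; INTERNAL_DOMAINS, the keyword and folder watch-lists, and the sample mailboxes are assumptions.

```python
# Added example, not from the Barracuda report: flag inbox rules of the kind the report links to
# account takeover. Field names follow Exchange Online's Get-InboxRule properties (assumption).

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organisation's own mail domains
SUSPICIOUS_WORDS = {"invoice", "payment", "wire", "bank", "password", "phish", "hacked"}  # constructed
HIDDEN_FOLDERS = {"rss feeds", "rss subscriptions", "junk email", "deleted items", "archive"}  # constructed

def _external(addresses):
    # Addresses whose domain is not one of ours
    return [a for a in addresses if a.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]

def assess_rule(rule):
    """Return a list of findings for one rule; an empty list means it looks benign."""
    findings = []
    for field in ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"):
        external = _external(rule.get(field) or [])
        if external:
            findings.append(f"{field} to external address: {', '.join(external)}")
    if rule.get("DeleteMessage"):
        findings.append("DeleteMessage set")
    folder = (rule.get("MoveToFolder") or "").lower()
    if folder in HIDDEN_FOLDERS:
        findings.append(f"MoveToFolder into rarely read folder: {rule['MoveToFolder']}")
    hits = {w.lower() for w in rule.get("SubjectContainsWords") or []} & SUSPICIOUS_WORDS
    if hits:
        findings.append(f"filters on sensitive words: {', '.join(sorted(hits))}")
    if findings and len(rule.get("Name", "").strip()) <= 1:
        findings.append("blank or one-character rule name")  # typical of attacker-created rules
    return findings

def review_mailboxes(rules):
    """Group flagged, enabled rules by mailbox. Several flagged rules on one mailbox is a
    stronger signal; the report saw two attacker rules per compromised account on average."""
    flagged = {}
    for rule in rules:
        if not rule.get("Enabled", True):
            continue  # disabled rules still merit review, but are not an active hide mechanism
        findings = assess_rule(rule)
        if findings:
            flagged.setdefault(rule["MailboxOwnerId"], []).append((rule.get("Name", ""), findings))
    return flagged

SAMPLE_RULES = [  # constructed sample records
    {"MailboxOwnerId": "cfo@example.com", "Name": ".", "Enabled": True,
     "SubjectContainsWords": ["Invoice", "wire"], "MoveToFolder": "RSS Feeds", "MarkAsRead": True},
    {"MailboxOwnerId": "cfo@example.com", "Name": "fwd", "Enabled": True,
     "ForwardTo": ["collector@mail.example.net"], "DeleteMessage": True},
    {"MailboxOwnerId": "alice@example.com", "Name": "Newsletters", "Enabled": True,
     "SubjectContainsWords": ["newsletter"], "MoveToFolder": "Reading"},
]
```

Running review_mailboxes(SAMPLE_RULES) flags only the CFO mailbox, with both of its rules, while the legitimate newsletter rule produces no findings.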