In 2022, 50% of companies were breached
Spear phishing is only a small fraction of all email exploits, but a new study by cyber security firm Barracuda Networks shows how successful it is: the company analyzed 50 billion emails across 3.5 million mailboxes in 2022 and found about 30 million spear-phishing emails. The results are published in the company’s new report, Spear-phishing trends.
That rate is less than one-tenth of a percent of all emails, yet half of the organizations surveyed for the study (which included a survey of more than 1,000 companies) fell victim to phishing last year, and a quarter had at least one email account compromised through account takeover (Figure A).
Identity theft and brand impersonation lead phishing attacks
Barracuda Networks’ study isolated the five most common phishing attack types:
- Scam: 47% of phishing attacks tricked victims into giving up information in order to commit fraud and/or steal their identity.
- Brand impersonation: 42% of phishing attacks impersonated a brand known to the victim in order to collect credentials.
- Business email compromise: 8% of phishers pretended to be an employee, partner, vendor or other trusted person to persuade victims to make wire transfers or to hand over information from finance departments.
- Blackmail: 3% of phishing emails threatened to reveal personal information.
- Conversation Hijacking: 0.3% of attacks involved hijacking existing conversations.
The company also found that Gmail users are more likely to be victims of an attack than Microsoft 365 users (57% and 41%, respectively).
Infected machines and stolen data are the main consequences
The report also details the results of a survey commissioned by Barracuda and conducted by the independent research firm Vanson Bourne, which polled 1,350 organizations with 100 to 2,500 employees across a range of industries in the US, EMEA and APAC.
During the survey, companies were asked about the damage they suffered as a result of e-mail attacks. More than half said their machines were infected with malware, and roughly half reported that confidential information was stolen (Figure B).
The greater the proportion of teleworkers, the greater the vulnerability
Remote work increases risk: users at companies where more than 50% of the workforce is remote report more suspicious emails, an average of 12 per day, than users at companies with a smaller remote share. Companies favouring remote work also reported taking longer to detect and respond to email security incidents: 55 hours to detect and 63 hours to respond and mitigate, compared with averages of 36 hours and 51 hours respectively for organizations with fewer remote employees.
On average, 10 suspicious emails were reported to IT on a typical business day. Users in India reported the most suspicious emails, 15 per day, 50% higher than the global average; by contrast, the US average was nine suspicious emails per day (Figure C).
According to the report, the relatively high number of reported incidents in India may be evidence that organizations there are struggling to prevent email attacks, or that Indian organizations are paying more attention to suspicious emails.
According to the report, the average organization received approximately five emails per day that were classified as phishing, and these attacks achieved an average click-through rate of 11%.
Companies are slow to identify and respond to email attacks
Barracuda’s survey found that, on average, organizations take almost two days to detect an email security breach, and nearly 100 hours in total to identify, respond to and remediate an email attack. Once an attack was detected, responding and remediating took 56 hours.
According to the report, among the respondents who experienced a phishing attack:
- 55% reported that their computer was infected with malware or viruses.
- 49% reported having sensitive data stolen.
- 48% reported having their login information stolen.
- 39% reported direct monetary loss.
Fleming Shi, chief technology officer at Barracuda, said email remains the main attack vector used against businesses, including small and medium-sized businesses, even as threat actors go after large enterprises, often faster than those enterprises can react, looking for bigger prizes from a single hit.
“They may go after a person, a brand, a data breach or anything that goes beyond the initial ransom attack and goes as far as holding a corporate ransom for years or multiple payments,” Shi said. “At the end of the day, there will still be a lot of financially motivated attacks, but we also have to watch out for nation-state or politically motivated cyber attacks that try to influence or change opinion, and maybe even affect the 2024 election. They are also possible because they only need to adjust the weapon to achieve a different effect.”
A slow response rate keeps the door open to cyber theft
The survey showed that 20% of organizations take more than 24 hours to identify an email attack. According to the study, such a long window gives users time to click a malicious link or reply to an email. Thirty-eight percent of respondents said it takes more than 24 hours to respond to and remediate attacks. The barriers cited include a lack of automation, a lack of predictability and a lack of staff knowledge, all of which slow down discovery (Figure D).
“Although spear phishing is a low-volume, targeted and social engineering tactic, the technique leads to a disproportionate number of successful breaches, and the impact of a single successful attack can be devastating,” Shi said. “To prevent these highly effective attacks, businesses need to invest in account takeover protection solutions with artificial intelligence capabilities. Such tools will be much more efficient than rule-based detection mechanisms. Better detection efficiency helps stop phishing by requiring fewer reactions during an attack.”
Organizations that had been victims of phishing were more likely to report that the cost of email security breaches had risen in the past year: $1.1 million, compared with $760,880 for victims of other types of email attack.
Automation and artificial intelligence speed up response times
According to Barracuda Networks, 36% of organizations in the United States use automated incident response tools and 45% use security awareness training. Both groups report faster response times on average, which means fewer IT resources are consumed and those resources can be focused on other tasks.
Larger organizations most often cite a lack of automation as the barrier to responding quickly to an incident: 41% of organizations with more than 250 employees, compared with 28% of organizations with 100-249 employees. Smaller companies cite additional reasons almost equally, including:
- Lack of predictability (29%)
- Lack of staff knowledge (32%)
- Lack of adequate security tools (32%)
The phishing trend will continue in 2023
According to Shi, phishing, particularly conversation hijacking and business email compromise, is likely to remain prevalent this year, and conversation hijacking will build on past data breaches in which emails were stolen.
“I’ll use ProxyLogon as an example, which was the Microsoft Exchange vulnerability, where attackers not only obtained credentials but also previous email conversations, allowing them to replay and basically recreate a weapon based on previous interactions,” he said. “So it’s much easier to bypass all the protective barriers, especially human-level awareness.”
He also said that these attacks will be harder to block because not all of them will have links and attachments. “Sometimes it’s just an interaction to gain trust and then potentially lead to further access to the environment,” he said.
BECs facilitate phishing and vice versa
According to Shi, the relationship between BECs and phishing is “intimate and symbiotic”, as BECs can lead to further phishing attacks and phishing can lead to BECs.
“The main difference is that most BECs do not have links or attachments. It’s an interaction, a conversation that eventually leads to something bad happening. However, to get there, one must compromise the environment. This weapon could be the initial phishing-type attack where credentials are stolen.”
Then, he added, with stolen credentials, actors can gain access to the environment to identify communication patterns that perpetuate the attack. “Sometimes they camouflage themselves into the environment because once trust is built, the attacker can start activating new weapons that can evade detection mechanisms.”
AI models can flag unusual email communication patterns
According to Barracuda Networks, machine learning is a useful tool for identifying anomalous emails because it can establish what normal communication patterns look like. AI can also be deployed to detect automatically when accounts have been compromised.
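As an added illustration (my own code, not Barracuda’s model or tooling), the Python stand-in below shows what “establishing normal communication patterns” can mean in practice. It learns from past mail which sender domains each display name has used and which senders are already known, then flags a new message when it matches the patterns the report describes: a familiar display name arriving from a new domain (impersonation), a Reply-To that diverts the conversation elsewhere (a BEC tell), or an unknown sender continuing an existing thread (conversation hijacking). All messages, addresses and domains are constructed sample data, `example-corp.com` is an assumed organisation domain, and the deterministic rules stand in for a learned model.

```python
"""Baseline-based anomaly triage for inbound email metadata (added example)."""
from __future__ import annotations

from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    """Constructed message metadata: headers only, no body."""
    display_name: str
    sender: str
    recipient: str
    subject: str = ""
    reply_to: str = ""


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address."""
    return addr.rsplit("@", 1)[-1].lower()


class CommunicationBaseline:
    """Normal patterns learned from past mail the organisation trusts."""

    def __init__(self, history: list[Message]):
        self.name_to_domains: dict[str, Counter] = defaultdict(Counter)
        self.senders: Counter = Counter()
        self.sender_domains: Counter = Counter()
        for m in history:
            self.name_to_domains[m.display_name.lower()][domain_of(m.sender)] += 1
            self.senders[m.sender.lower()] += 1
            self.sender_domains[domain_of(m.sender)] += 1

    def score(self, m: Message) -> list[str]:
        """Return anomaly reasons; an empty list means the message looks normal."""
        reasons: list[str] = []
        sdom = domain_of(m.sender)
        known_domains = self.name_to_domains.get(m.display_name.lower())

        # 1. Familiar display name from a domain never used with that name:
        #    the shape of brand and employee impersonation.
        if known_domains and sdom not in known_domains:
            reasons.append(
                f"display name {m.display_name!r} previously seen only from "
                f"{sorted(known_domains)}, now from {sdom}"
            )

        # 2. Reply-To pointing away from the sender's domain is a common way
        #    to pull a BEC conversation onto attacker-controlled mail.
        if m.reply_to and domain_of(m.reply_to) != sdom:
            reasons.append(
                f"Reply-To domain {domain_of(m.reply_to)} differs from sender domain {sdom}"
            )

        # 3. A never-seen sender continuing an apparently existing thread
        #    matches conversation hijacking; a plain first contact is weaker.
        first_contact = m.sender.lower() not in self.senders
        if first_contact and m.subject.lower().startswith("re:"):
            reasons.append("unknown sender continuing an existing thread")
        elif first_contact and sdom not in self.sender_domains:
            reasons.append(f"first contact from unseen domain {sdom}")
        return reasons


# Constructed history that the baseline treats as trustworthy.
HISTORY = [
    Message("Alice Finance", "alice@example-corp.com", "bob@example-corp.com", "Q3 budget"),
    Message("Alice Finance", "alice@example-corp.com", "bob@example-corp.com", "Re: Q3 budget"),
    Message("Acme Billing", "billing@acme-vendor.example", "bob@example-corp.com", "Invoice 1042"),
]
BASELINE = CommunicationBaseline(HISTORY)


def triage(m: Message) -> dict:
    """Verdict plus the reasons behind it, for a SOC queue or an auto-quarantine rule."""
    reasons = BASELINE.score(m)
    return {"verdict": "suspicious" if reasons else "normal", "reasons": reasons}


if __name__ == "__main__":
    # Constructed lookalike of a known finance contact, replying into an old thread.
    print(triage(Message("Alice Finance", "alice.finance@mail-lookalike.example",
                         "bob@example-corp.com", "Re: Q3 budget", "pay@other.example")))
```

The value of the baseline is that none of the three checks needs a link, an attachment or a malicious payload to fire, which is exactly why the report expects link-free BEC and conversation hijacking to be hard for content filters to catch.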
The company also recommends:
- Using technology to identify logins from unknown accounts and locations.
- Monitoring for malicious rules in your inbox.
- Using multi-factor authentication.
- Implementing DMARC authentication and reporting.
- Automating incident response.
- Training staff to recognize and report attacks.
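Two of these recommendations can be checked mechanically. The added example below (my own illustration, not Barracuda’s tooling) audits a set of mailbox rules for the patterns that typically appear after an account takeover (auto-forwarding to an external address, hiding mail about passwords or invoices in an obscure folder, throwaway rule names) and reads a DMARC TXT record to say whether it actually enforces anything. The `InboxRule` structure is a constructed, provider-neutral representation rather than any vendor’s API schema; the rules, addresses and DMARC records are constructed samples, and `example-corp.com` is the assumed organisation domain.

```python
"""Audit mailbox rules and DMARC policy for account-takeover exposure (added example)."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional

ORG_DOMAINS = {"example-corp.com"}  # assumed organisation domains
# Folders attackers commonly use to park mail the victim should not notice.
HIDING_FOLDERS = {"rss subscriptions", "rss feeds", "conversation history",
                  "junk email", "deleted items", "archive"}
# Words in a rule's conditions that suggest it targets security-relevant mail.
SENSITIVE_TERMS = {"password", "invoice", "payment", "wire", "bank", "hacked",
                   "phishing", "suspicious", "security", "mfa"}


@dataclass
class InboxRule:
    """Constructed, provider-neutral view of one mailbox rule."""
    name: str
    conditions: dict = field(default_factory=dict)  # e.g. {"subject_contains": ["invoice"]}
    actions: dict = field(default_factory=dict)     # e.g. {"forward_to": [...], "move_to": "..."}


def audit_rule(rule: InboxRule) -> list[tuple[str, str]]:
    """Return (severity, reason) findings for a single rule."""
    findings: list[tuple[str, str]] = []
    a, c = rule.actions, rule.conditions

    targets = [t.lower() for t in a.get("forward_to", []) + a.get("redirect_to", [])]
    external = [t for t in targets if t.rsplit("@", 1)[-1] not in ORG_DOMAINS]
    if external:
        findings.append(("high", f"auto-forwards mail to external address(es): {external}"))
    if targets and not c:
        findings.append(("high", "forwards every message (no conditions)"))

    words = " ".join(v for vals in c.values() for v in vals).lower()
    hides = a.get("delete") or a.get("move_to", "").lower() in HIDING_FOLDERS
    hit = sorted(t for t in SENSITIVE_TERMS if t in words)
    if hides and hit:
        findings.append(("high", f"hides messages matching {hit} (move/delete)"))
    elif hides and a.get("mark_read"):
        findings.append(("medium", "marks messages read and hides them"))

    if not rule.name.strip() or len(rule.name.strip()) <= 2:
        findings.append(("medium", f"rule name {rule.name!r} is empty or throwaway"))
    return findings


def audit_mailbox(rules: list[InboxRule]) -> dict[str, list[tuple[str, str]]]:
    """Findings per rule name; rules with an empty list are unremarkable."""
    return {r.name: audit_rule(r) for r in rules}


def evaluate_dmarc(txt_record: Optional[str]) -> dict:
    """Summarise what a DMARC TXT record actually enforces for receivers."""
    if not txt_record or not txt_record.strip().lower().startswith("v=dmarc1"):
        return {"enforced": False, "policy": None,
                "notes": ["no DMARC record: receivers cannot reject mail spoofing this domain"]}
    tags = {}
    for part in txt_record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    policy = tags.get("p", "none").lower()
    pct = int(tags.get("pct", "100"))
    notes = []
    if policy == "none":
        notes.append("p=none only monitors; spoofed mail is still delivered")
    if pct < 100:
        notes.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if "rua" not in tags:
        notes.append("no rua= address: no aggregate reports, so abuse goes unseen")
    return {"enforced": policy in {"quarantine", "reject"} and pct == 100,
            "policy": policy, "notes": notes}


# Constructed rules typical of post-compromise persistence, plus one benign rule.
SAMPLE_RULES = [
    InboxRule(".", {"subject_contains": ["invoice", "payment"]},
              {"move_to": "RSS Subscriptions", "mark_read": True}),
    InboxRule("fwd", {}, {"forward_to": ["collector@attacker.example"]}),
    InboxRule("Newsletters", {"from_contains": ["news@vendor.example"]},
              {"move_to": "Newsletters"}),
]

if __name__ == "__main__":
    for name, findings in audit_mailbox(SAMPLE_RULES).items():
        print(name, findings)
    print(evaluate_dmarc("v=DMARC1; p=none; rua=mailto:dmarc@example-corp.com"))
```

Run against rules exported from the real mail platform, the audit is cheap to schedule daily; a high finding on a mailbox that also shows a login from an unfamiliar location is a strong account-takeover signal worth an automated password reset and session revocation.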