Keeping Up With The Increase In Phishing Attacks

The annual State of the Phish report from Proofpoint provides an in-depth overview of the real-world threats, as sourced by Proofpoint’s telemetry encompassing more than 18 million end-user reported emails and 135 million simulated phishing attacks sent over a one-year period. 

Eight in 10 organisations (84%) experienced at least one successful criminal email-based phishing attack in 2022. 

These phishing attacks have direct financial losses and have increased by 76% compared to 2021, and while brand impersonation, business email compromise (BEC), and ransomware remained popular tactics among threat actors, cyber criminals also scaled up their use of less familiar attack methods to infiltrate global organisations.

This year’s report examines perceptions of 7,500 employees and 1,050 security professionals across 15 countries, revealing startling gaps in security awareness and cyber hygiene that propagate the real-world attack landscape.“While conventional phishing remains successful, many threat actors have shifted to newer techniques, such as telephone-oriented attack delivery and adversary-in-the-middle (AitM) phishing proxies that bypass multifactor authentication. 

These techniques have been used in targeted attacks for years, but 2022 saw them deployed at scale.” said Ryan Kalember, executive vice president, cyber security strategy, Proofpoint. 

“We have also seen a marked increase in sophisticated, multi-touch phishing campaigns, engaging in longer conversations across multiple personas. Whether it’s a nation state-aligned group or a BEC actor, there are plenty of adversaries willing to play the long game.” Kalember added.

Key Findings Include

Cyber Extortion Continues to Wreak Havoc:   Seventy-six percent of organisations experienced an attempted ransomware attack in the past year, with 64% suffering a successful infection; yet only half regained access to their data after making the initial ransomware payment.

Alarmingly, over two-thirds of respondents said their organisation experienced multiple, separate ransomware infections.

Most infected organisations paid up, and many did so more than once. Of the organisations impacted by ransomware, the overwhelming majority (90%) had a cyber insurance policy in place for ransomware attacks, and most insurers were willing to pay the ransom either partially or in full (82%). 

This also explains the high propensity to pay, with 64% of infected organisations paying at least one ransom, a six-point increase year-over-year.

End Users Fall Prey to Bogus “Microsoft” Emails:   In 2022, Proofpoint observed nearly 1,600 campaigns involving brand abuse across its global customer base. While Microsoft was the most abused brand name with over 30 million messages using its branding or featuring a product such as Office or OneDrive, other companies regularly impersonated by cyber criminals included Google, Amazon, DHL, Adobe, and DocuSign. 

It’s worth noting that AitM attacks will display the organisation’s real login page to the user, which in many cases will be Microsoft 365.

Considering the volume of brand impersonation attacks, it’s alarming that nearly half (44%) of employees indicate they think an email is safe when it contains familiar branding, and 63% think an email address always corresponds to the matching website of the brand. 

Half of the 10 phishing simulation templates most used by Proofpoint customers were brand-impersonation related, which also tended to have high failure rates.

Business Email Compromise - Cyber Fraud Goes Global:   On average, three-quarters of global organisations reported an attempted BEC attack last year. While English is the most common language employed, some non-English-speaking countries are starting to see higher volumes of attacks in their own languages. 

BEC attacks were higher than the global average or experienced a notable increase compared to 2021:

  • The Netherlands 92% (not featured in prior analysis)
  • Sweden 92% (not featured in prior analysis)
  • Spain 90% vs. 77% (13% increase)
  • Germany 86% vs. 75% (11% increase)
  • France 80% vs. 75% (5% increase)

Insider Threats:   Pandemic-related job mobility, coupled with post-pandemic economic uncertainty, has resulted in large numbers of workers changing or leaving jobs to the tune of one in four employees in the past two years. 

This job market trend makes data protection more difficult for organisations, with 65% reporting they have experienced data loss due to an insider’s action. Among those who have changed jobs, nearly half (44%) admitted to taking data with them.

Threat Actors Scale Up More Complex Email Threats:   Over the past year, hundreds of thousands of telephone-oriented attack delivery (TOAD) and multi-factor authentication (MFA) bypass phishing messages were sent each day, ubiquitous enough to threaten nearly all organizations. At its peak, Proofpoint tracked more than 600,000 TOAD attacks, emails that incite recipients to initiate a direct conversation with attackers over telephone via bogus ‘call centers’, per day, and the number has been steadily rising since the technique first appeared in late 2021.

Room for Improvement with Cyber Hygiene:   Threat actors always innovate, and once again this year’s report shows that most employees suffer security awareness gaps. Even basic cyber threats are still not well understood, more than a third of survey respondents cannot define “malware,” “phishing,” and “ransomware.” 

Furthermore, only 56% of organisations with a security awareness program train their entire workforce, and only 35% conduct phishing simulations, both critical components to building an effective security awareness program. 

As email remains the favoured attack method for cyber criminals and they adopt new  techniques which are much less familiar to employees, there is clear value in building a culture of security across the entire organisation.  

You Might Also Read:  

Human Error Is A Hacker's Dream:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« The Dark Side Of AI
Cyberwar: Lessons From Ukraine »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Mellanox Technologies

Mellanox Technologies

Mellanox Technologies is a leading supplier of end-to-end Ethernet and InfiniBand intelligent interconnect solutions and services for servers, storage, and hyper-converged infrastructure.

IP Performance

IP Performance

IP Performance Limited is a leading supplier of customised network infrastructure and security solutions.

Crosscheck Networks

Crosscheck Networks

Crosscheck products allow you to test your APIs across different protocols and message formats with functional automation, performance, and security testing capabilities.

iQuila

iQuila

iQuila is a virtual overlay network which runs on top of an existing network. It creates a secure software enabled layer 2 connection across the internet or any public or private cloud.

EMnify

EMnify

EMnify is a Software-as-a-Service (SaaS) company, revolutionizing cellular Internet of Things (IoT).

IT Search

IT Search

IT Search is a specialist IT recruitment company focusing on Cyber Security, IT Infrastructure, Software, Data, Digital Transformation and C Suite leadership positions.

Document Security Systems (DSS)

Document Security Systems (DSS)

DSS anti-counterfeit, authentication, and brand protection solutions are deployed to prevent attacks which threaten products, digital presence, financial instruments, and identification.

iTechArt Group

iTechArt Group

iTechArt is a top-tier custom software development company offering Cybersecurity Consulting, Application Security Testing, Risk Management and Compliance, and Infrastructure Security services.

LiveAction

LiveAction

LiveAction provides end-to-end visibility of network and application performance from a single pane of glass.

PSafe

PSafe

PSafe is a leading provider of mobile privacy, security, and performance apps. We deliver innovative products that protect your freedom to safely connect, share, play, express and explore online.

Match Systems

Match Systems

Match Systems provides blockchain investigations, KYC, KYT, AML, Due Diligence and compliance services.

VLC Solutions

VLC Solutions

VLC Solutions is an independent solutions and technology service provider offering Cloud Services, Cybersecurity, ERP Services, Network Management Services, and Compliance Solutions.

TriCIS

TriCIS

TriCIS design and engineer highly secure integrated solutions that meet the highest government and military security standards, providing information assurance to organisations across the globe.

DynTek

DynTek

DynTek delivers exceptional, cost-effective professional IT consulting services, end-to-end IT solutions and managed IT services.

Alchemy Security Consulting

Alchemy Security Consulting

Alchemy Security Consulting specialise in offensive and defensive cyber security. We find the weak link in your security so you can patch it up fast and avoid being hacked.

Diverto

Diverto

Diverto is a company that provides a high level of information security to companies, institutions and other organisations in an information-centric world.