The evolution of spear phishing and who criminals are targeting

A report from Barracuda Networks also identifies attack risks associated with various roles throughout a company ranging from CEOs and IT departments to employees in sales.

work.jpg

Image: GettyIMages/South_agency

In recent months, a string of high-profile cyberattacks on critical aspects of the U.S. infrastructure has brought conversations surrounding cybersecurity front and center for companies around the globe. On Wednesday, Barracuda Networks published a report entitled “Spear Phishing: Top Threats and Trends” highlighting the latest security trends and tactics cybercriminals are deploying.

“Whether it’s taking advantage of the buzz around cryptocurrency, stealing credentials to start a ransomware attack, or tailoring attacks to less suspicious targets in low profile roles, cybercriminals are constantly adapting their tactics and making their attacks more sophisticated,” per the report.

SEE: Security incident response policy (TechRepublic Premium)

More about cybersecurity

Attack risk by role

Overall, the average organization will face more than 700 social engineering cyberattacks annually, and 10% of the targeted attacks are business email compromises (BEC), according to the report. Among social engineering attacks analyzed by Barracuda researchers, phishing represented 49%, followed by scamming (39%), BEC (10%) and extortion (2%).

A portion of the report identifies attack risks associated with various roles throughout a company ranging from CEOs and IT departments to employees in sales. On average, IT professionals receive 40 targeted phishing attacks annually and this number jumps to 57 for CEOs. Overall, 19% of BEC attacks focus on workers in sales positions and 77% target professionals “outside of finance and executive roles,” per the report.

“Due to the nature of their role, sales reps are used to getting external messages from senders they haven’t communicated with before. At the same time, they are all connected with payments and with other departments including finance. For hackers, these individuals could be a perfect entry point to get into an organization and launch other attacks,” the report said.

Brands and “phishing impersonation”

Overall the brands most often used in the impersonation attacks include Microsoft, WeTransfer, and DHL, with the report noting that the top three have “stayed consistent since 2019.” Over the last year, Microsoft was impersonated in nearly half (43%) of phishing attacks, down from 56% in 2019, according to Barracuda data. The switch to remote work as well as increased e-commerce and deliveries during the coronavirus pandemic could play a role in these preferred brand impersonation tactics.

“With 79% of organizations using Office 365 and many more looking at migrating in the immediate future, it’s not surprising that Microsoft brands remain a top target for cybercriminals,” the report said.

In order, WeTransfer (18%), DHL (8%), Google (8%), eFax (7%) and DocuSign (5%) round out Barracuda’s top six impersonated brands.

“Around 12% of attacks used either DHL or USPS branding to provide fake updates on shipments and deliveries. Hackers have been capitalizing on the fact that so many people have been stuck at home over the past year and getting more deliveries,” the report said.

SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)

Over the last year, cryptocurrencies have made headlines for myriad reasons ranging from carbon footprint concerns to pricing volatility. Interestingly, cybercriminals appear to be riding the wave of crypto fanfare and using digital currencies as bait in recent attacks. From October 2020 to April, “cryptocurrency-related impersonation attacks” spiked 192%, according to the Barracuda report.

“Hackers impersonated digital wallets and other cryptocurrency-related apps with fraudulent security alerts to steal log-in credentials. In the past, attackers impersonated financial institutions targeting your banking credentials. Today they are using the same tactics to steal valuable bitcoins,” the report said.

Methodology

From May 2020 through June 2021, the report said the Barracuda researcher team looked at “more than 12 million spear phishing and social engineering attacks impacting more than 3 million mailboxes” across 17,000 organizations.

Also see