How cyber thieves are stepping up their phishing attacks against businesses and organizations
Cyber thieves are using new strategies, tactics and techniques to increase the chances of success of their phishing attacks against businesses and organizations.
That’s according to a new report from IT security firm Barracuda Networks, which found that more than 35% of the 10,500 organizations it analyzed were targeted by at least one phishing attack in September 2021. On average, three mailboxes from each company received one of the bogus messages.
The report warned that “As attackers strive to make their phishing attacks more targeted and effective, they have started looking for potential victims, working to collect information that will help them improve their chances of success.”
Barracuda Networks explained that “bait attacks are a technique that attackers use to test email addresses and see who is ready to respond,” then use that information to plan for future targeted attacks.
“Also known as recognition attacks, these efforts are usually emails with very short or even empty content. The objective is either to verify the existence of the victim’s email account by not receiving any ‘undeliverable’ email, or to involve the victim in a conversation that could potentially lead to malicious money transfers or to leaked credentials,” the company said.
Difficult to defend against
According to Barracuda Networks, “Because this class of threats barely contains text and does not include any phishing links or malicious attachments, it is difficult for conventional phishing scanners to defend against these attacks.”
The company noted that, “to avoid detection, attackers typically use new free service email accounts, such as Gmail, Yahoo, or Hotmail, to send the attacks. Attackers also rely on sending at low volume and without bursts in an attempt to bypass mass or anomaly detectors.”
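The traits quoted above (free-mail sender, very short or empty body, no link or attachment) can be checked together to surface candidate bait messages for analyst review. The Python below is an added example, not code from Barracuda Networks or the original article; the domain list, the 40-character threshold, the first-contact check against `known_senders` and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions: domain list (the page names Gmail, Yahoo, Hotmail) and threshold.
FREE_MAIL = {"gmail.com", "yahoo.com", "hotmail.com"}
MAX_BODY_CHARS = 40  # stand-in for "very short or even empty content"
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)\S+")
TAG_RE = re.compile(r"<[^>]+>")

def bait_signals(raw, known_senders):
    """Return the bait-attack traits present in one RFC 5322 message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    text, attachments = "", 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            attachments += 1
        elif part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            text += data.decode(part.get_content_charset() or "utf-8", "replace")
    visible = TAG_RE.sub(" ", text).strip()  # HTML-only mail: count visible text
    signals = []
    if sender.rpartition("@")[2] in FREE_MAIL:
        signals.append("free_mail_sender")
    if sender not in known_senders:  # assumed proxy for a newly created account
        signals.append("first_contact")
    if len(visible) <= MAX_BODY_CHARS:
        signals.append("near_empty_body")
    if attachments == 0 and not URL_RE.search(text):
        signals.append("no_link_or_attachment")
    return signals

def is_bait_candidate(raw, known_senders):
    """Flag only when all four traits coincide; each alone is ordinary mail."""
    return len(bait_signals(raw, known_senders)) == 4

# Constructed sample messages (not taken from the report).
KNOWN = {"partner@gmail.com"}
BAIT = "From: J Doe <j.doe1987@gmail.com>\nTo: cfo@example.com\nSubject: Hi\n\n\n"
NORMAL = ("From: partner@gmail.com\nTo: cfo@example.com\nSubject: Notes\n\n"
          "Minutes from yesterday's call are at https://example.com/notes today.\n")
LINK = ("From: new@yahoo.com\nTo: cfo@example.com\nSubject: Doc\n\n"
        "see http://example.net/a\n")

if __name__ == "__main__":
    for name, raw in (("BAIT", BAIT), ("NORMAL", NORMAL), ("LINK", LINK)):
        print(name, is_bait_candidate(raw, KNOWN), bait_signals(raw, KNOWN))
```

Requiring all four traits keeps ordinary short replies from known correspondents out of the review queue; the `LINK` sample fails the check because a message carrying a URL is already in scope for conventional link scanning.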
Other main findings of the survey include:
More ransomware attacks
- Attacks against businesses, such as infrastructure, travel, financial services, and other businesses, accounted for 57% of all ransomware attacks between August 2020 and July 2021, compared to just 18% in their 2020 study.
Ransom amounts increased
- Ransom amounts are increasing dramatically. The average ransom demand per incident is over $10 million.
- The volume of cryptocurrency-related attacks closely follows the rising price of bitcoin. The price of bitcoin increased nearly 400% between October 2020 and April 2021, and identity theft attacks increased 192% during the same period.
Advice to business leaders
Barracuda Networks recommended that businesses and organizations:
Deploy AI to identify and block phishing attacks
Traditional filtering technology is largely powerless when it comes to blocking bait attacks. The messages do not contain any malicious payloads and usually come from Gmail, which is considered very reputable. AI-based defense is much more efficient. It leverages data pulled from multiple sources, including communication graphs, reputation systems, and network-level analytics, to help protect against such attacks.
Some of these attacks can still land in users’ inboxes, so train users to recognize these attacks and not respond to them. Include examples of bait attacks in your security awareness training and simulation campaigns. Encourage users to report them to your IT and security teams.
Remove bait attacks from inboxes
When bait attacks are identified, it is important to remove them from users’ inboxes as quickly as possible, before users open or respond to the message. Automated incident response can help identify and remediate these messages within minutes, preventing the attack from spreading and preventing your organization from becoming a future target.