As digitisation becomes a necessity for companies to survive and grow in a Covid-hit world, scamming and phishing have become major cyber threats for organisations around the world, IT security firm Barracuda Networks said in a new study.
The company, in the study titled Spear Phishing: Top Threats and Trends Vol. 5, said that the two forms of attacks have become the biggest threats, cumulatively making up 86% of all spear-phishing attacks analysed between August and October 2020.
The firm said it evaluated more than 2.3 million spear-phishing attacks that targeted over 80,000 organisations, and found that phishing, which involves tricking individuals with fake emails/websites and stealing their credentials, was behind half of them.
Scamming followed close behind, making up 36% of all attacks. This vector is less targeted in nature and covers a variety of email-based financial frauds, including tech support scams, calls for charity, political donations and foreign exchange, the report said.
Other than the two, the report said that business email compromises (BEC) and extortions made up 12% and 2% of the attacks, respectively.
The figures are small, but BEC has grown from 7% last year, a trend that signals it is a fast-growing threat. It involves impersonation of a trusted business stakeholder, such as an employee or vendor, for financial gain and cost organisations $26 billion between 2016 and 2019, as per the Federal Bureau of Investigation (FBI).
Pause in coronavirus-themed attacks
Covid-19-related spear-phishing attacks, which began in January, have not grown significantly since peaking in March with 667% growth, Barracuda said. These attacks make up about 2% of all analysed attacks during the three-month period, the report said, noting that they have not disappeared completely and are still dominated by scamming-based attacks that revolve around fake cures and donations.
“Cybercriminals adapt very quickly when they find a new tactic or current event that they can exploit. Their response to the Covid-19 pandemic proved it too well,” Murali Urs, country manager (India), Barracuda Networks, said, commenting on the shift in the attackers’ interest.
Among other things, the report also found that most of the attacks, 87%, were carried out on work days and not during weekends and holidays. Additionally, 71% of the spear-phishing emails evaluated had at least one URL, which redirected the user to a site rigged to steal login credentials or distribute malware.
However, in the case of BEC, only 30% of the emails had a link, as these attacks are more about using the trust between the hijacked and target party to steal money and information.
“As organisations in India today are facing increasing threats from highly targeted phishing attacks, staying aware of the way spear-phishing tactics are evolving will help them take the proper precautions to protect their business and users,” Urs said. “They must invest in technology to block attacks and provide training to help people act as a last line of defense and avoid falling victim to scammers’ latest tricks.”