Spear phishing has quickly become one of the hottest and most dangerous cyberattacks around the world. The numbers vary based on how costs are counted and crimes are categorized, but the IC3 reported that businesses suffered over $48 million in phishing-related losses in the year 2018 (pdf). The numbers are much higher when you consider that Business Email Compromise (BEC), corporate data breach, and other types of crimes that can be related to phishing attacks are categorized separately. The Anti-Phishing Working Group recently reported that phishing attacks on SaaS and webmail services doubled in Q4 of 2018, and the 2018 Verizon Data Breach Investigation Report (DBIR) states that an average of 4% of the targets in a phishing campaign will fall for the attack. According to the same report, the company has only 16 minutes until someone in that 4% will act on the scam. It will be another 12 minutes before someone reports the attack to the IT team. The numbers get really crazy when you bring mobile attacks into the mix. You can get details on these in the 2019 Verizon DBIR.
Search Results for: "business email compromise"
There are never enough hours in the day for your typical business executive. The stresses of running a modern business can stretch even the most productive, and early-rising, individuals to the limit. A Harvard Business Review report from last year, for example, claimed that CEOs work on average 62.5 hours per week — over 50% more than a regular full-time employee. Unfortunately, this may have serious repercussions for cybersecurity.
The latest Verizon Data Breach Investigations Report (DBIR) claims that senior execs are many times more likely to be the target of a breach or serious security incident that in years past. Why? Because they have a crucial combination of not enough time to vet social engineers, alongside privileged network access and organisation-wide authority.
To mitigate the risk from rising attacks on the C-suite, organisations will need to refocus training efforts and tighten technical controls.
Protect your Office 365 accounts from pervasive attacks.
Barracuda researchers have revealed a startling rise in account takeover, one of the fastest growing email security threats. A recent analysis of account-takeover attacks targeted at Barracuda customers found that 29 percent of organizations had their Office 365 accounts compromised by hackers in March 2019. More than 1.5 million malicious and spam emails were sent from the hacked Office 365 accounts in that one month! [Read more…] about Threat Spotlight: Account Takeover
News emerged in a new report last week that just 10% of European and US firms are “cyber ready”, despite surging attacks. The study from insurer Hiscox — which spanned the UK, US, Germany, Belgium France, Spain, and the Netherlands — should be something of a wake-up call for IT and cybersecurity leaders. SMEs, in particular, are said to be in the firing line.
Although technical controls certainly play their part in helping to mitigate risk and improve preparedness, the report revealed that cultural changes and a more proactive approach to training are equally important. Perhaps it’s time for the security industry, in general, to take a more holistic approach to threat prevention that’s not so solution-centric.
Attacks soar in 2018
The percentage of firms classed as “experts” in cyber-readiness actually dropped from 11% last year. Yet the threats facing them have never been more pronounced: 61% reported an attack over the past year, up from less than half (45%) the year before. The figure rose even higher in France (67%) and Belgium (71%). The frequency of attacks has also increased, as has their cost: up 61% from $229,000 last year to $369,000 in this year’s report, with medium and large firms bearing most of the financial impact.
It seems you can hardly go a day without hearing about another data breach, money transfer scam, or some other crime that started out as a spear phishing attack. Email-borne threats have always been a top priority for IT security, but spear phishing is one of the fastest growing attacks. This threat evolves and changes, and when done correctly, will blend in with a victim’s legitimate communications. This is because spear phishing has a human touch. Attackers spend time crafting strategies, researching targets, and refining their methods until they are successful or have made a decision to move on.
When you really dig into spear phishing attacks, you find there are a few specific reasons why they work so well. In this blog post, we will take a look at the top three reasons why criminals are so successful with these attacks.