Cybercriminals have changed tactics since COVID-19, with surgically precise social engineering attacks targeting business apps replacing batch-and-blast phishing.
A survey of IT professionals and leaders from email security firm GreatHorn finds big changes afoot in the world of email-targeting cyberattacks: The daily quantity of attacks has decreased, but those that remain are more precise and easier to miss.
To make matters worse, the majority of phishing attacks now come in the form of impersonation-related attacks focused on breaching business applications like Zoom, Microsoft Office, DocuSign and other collaboration tools that have become fundamental for businesses during the COVID-19 pandemic.
It’s also worth noting that, while daily phishing attacks have decreased from 76% to 53% over from 2020 to 2021, the number of attacks occurring weekly and monthly (i.e., with less frequency) has increased. GreatHorn concludes that this shift indicates a shift toward attack sophistication, which in turn leads to another troubling statistic: The percentage of phishing attacks being missed is held steady over the past year at 39%. “The quantity of phish being experienced by organizations may have dropped daily, but the impact of those campaigns that bypass traditional email security is increasing,” the report said.
SEE: Identity theft protection policy (TechRepublic Premium)
Survey respondents said that they are most concerned with impersonation attacks, which GreatHorn said continue to become more popular as the lives of employees move online. “As employees leverage social media networks, including LinkedIn, and employers expand their digital presence to attract customers, more information is available for social engineering. And being able to impersonate a trusted entity to get the user to act allows the phishing campaign to be more successful,” the report said.
Remediation of phishing attacks is also becoming a greater problem, respondents said, with many having to spend time resetting or suspending compromised accounts and applications, manually combing their environments for indicators of lateral attacker movement and running remediation PowerShell scripts.
The results of all these shifts in email attacks have led to IT professionals citing email as the top security concern for 2021, with network security and cloud security posture coming in second and third. The key to staying secure in 2021, said GreatHorn CEO and co-founder Kevin O’Brien, will be learning how to prevent sophisticated spearphishing attacks from bypassing filters.
“Email security providers must shift their approach to understanding and controlling threat vectors in order to analyze deviations from the norm. Only from there can they create automated defense systems that produce a layered approach to mitigating risk,” O’Brien said.
SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
Preventing spearphishing attacks can be difficult due to their filter-bypassing nature, spoofing of organizational identities, and personalized language, but it is possible with precautions of the type recommended by Barracuda:
- Use AI solutions that can recognize subtle anomalies that indicate attacks,
- Assume traditional email security won’t be sufficient,
- Deploy an account-takeover protection tool,
- Implement DMARC authentication and reporting,
- Use multifactor authentication,
- Train staff to recognize attacks and question unusual requests from known parties,
- Conduct proactive investigations that scan emails for known language patterns,
- Implement security procedures that can minimize data loss, like zero-trust security.