Credit: Dreamstime
While phishing, business email compromise (BEC), and ransomware still rank among the most popular cyberattack techniques, a mix of new-breed attacks are gaining steam, according to a new report from cybersecurity and compliance company Proofpoint.
“While conventional phishing remains successful, many threat actors have shifted to newer techniques, such as telephone-oriented attack delivery (TOAD) and adversary in the middle (AitM) phishing proxies that bypass multi-factor authentication,” said Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, in a press release for the company's 2023 State of the Phish report. “These techniques have been used in targeted attacks for years, but 2020 saw them deployed at scale.”
The report is based on a survey of 7,500 employees and 1,050 security professionals across 15 countries, and in-house telemetry that monitored over 18 million end-user reported emails and 135 million simulated phishing attacks over a one-year period. The research revealed persistent gaps in cybersecurity awareness and hygiene that lead to attacks.
Ransomware, email-based attacks are top offenders
In 2022, 76% of organizations were targeted by a ransomware attack, out of which 64% were actually infected. Only 50% of these organisations managed to retrieve their data after paying the ransom. Additionally, a little over 66% of respondents reported to have had multiple, isolated infections.
Almost all of the affected organisations (90%) had a cybersecurity insurance policy covering ransomware attacks, and most (82%) insurance companies agreed to pay the ransom, either in part or in full. The high percentage of companies having cybersecurity insurance is why a large number of organisations were willing to pay ransom, with 64% of those infected paying at least one ransom — a six-point increase from the previous year — according to Proofpoint.
The report highlights that US organizations polled — 89% of which suffered a ransomware attack — were more like to get hit by ransomware, compared to organisations in the other 14 countries in the survey, of which approximately all had cybersecurity insurance.
Only 24% of Canadian organisations surveyed in the poll filed a claim after a ransomware attack, owing to poor coverage in their policies. South Korea remained the least-attacked nation in the APAC region.
About eight in 10 organisations (84%) experienced at least one successful email-based phishing attack in 2022, with direct financial losses as a result increasing by 76% compared to 2021, according to the report.
Seventy-five percent of organisations worldwide reported an attempted business email compromise (BEC) attack last year. While English remained the most common language employed, companies in a few non-English nations witnessed a higher volume of attacks in their own languages, including organisations in the Netherlands and Sweden, which reported a 92% jump in such attacks; in Spain, with a 92% jump; Germany, with an 86% increase; and France, with an 80% increase.
Microsoft remained the top impersonated brand
Cybercriminals mostly abused Microsoft's brand name in phishing attacks, with more than 30 million messages using its branding or mentioning products like Office or OneDrive. However, other companies were also frequently impersonated by cybercriminals, including Amazon (mentioned in 6.5 million attacks); DocuSign (3.5 million); Google (2.6 million); DHL (2 million); and Adobe (1.5 million).
The large number of brand impersonation attacks is concerning, especially since 44% of the employees polled believe that an email is safe when it features familiar branding, and 63% think that an email address always belongs to the corresponding website of the brand.
The lack of knowledge and poor security habits among end users, whether they are working from home or in the office, are making organisations vulnerable to potential risks. Over 33% of the respondents were unable to differentiate among terms such as malware, phishing, or "ransomware, according to the survey.
New cyberattack threats rise
In the past year, there has been a significant increase in the number of telephone-oriented attack delivery (TOAD) and multifactor authentication (MFA) bypass phishing messages being sent every day. Proofpoint monitored over 600,000 TOAD attacks each day, with emails encouraging recipients to initiate a direct conversation with attackers via fraudulent "call centers."
The pandemic-caused shift in job mobility and economic uncertainty has led to one in four employees leaving or switching jobs in the past two years. This makes data protection more challenging for organisations, with 65% of them reporting data loss due to the actions of insiders. Almost half of those who changed jobs (44%) confessed to taking data with them.
In a regional context, 71% of Europe, Middle East and African organizations lost data to insiders in 2022. German organisations were most likely to face insider attacks — with 18% reporting data loss due to insiders. With only 4% of UAE organizations reported losing data to insider attacks, businesses in that nation were the least likely to suffer an insider attack.
Additionally, American organisations were the most inclined (63%) to take disciplinary action against employees for unsafe behavior. Only 9% of respondents working in information security thought that implementing a consequence model was incompatible with the organisation's culture.
