According to the latest Avanans’ Cyber Attack Report, the most phished targets are IT, Healthcare, and Manufacturing industries. Security researchers at Avanan examined over 905 million emails in their report. The evolution of these email attacks has become even more sophisticated over time. It is no longer just a numbers game for cyber attackers, rather it has become more about finding the best potential targets and putting in more effort to exploit them. The report finds that impersonation and credential harvesting attacks remain as some of the top picks for attackers, while methods like non-standard characters are at the top of the list.
IT industries witnessed the most phishing attacks, with over 9,000, while healthcare saw more than 6,000, then the manufacturing industry saw just under 6,000 phishing emails in a 30-day span.
Image Source- Avanan 1H Cyber Attack Report
There is no surprise that these are the most targeted industries. These sectors hold some immensely valuable data, such as intellectual property, social security numbers, bank details and health records, to name a few. Another reason why Healthcare and Manufacturing industries are more targeted by hackers is that they are more likely to utilize older tech and are often staffed with a board of directors with no technical background.
Top Phishing Vectors
Phishing attacks remain the most widespread email threat to organizations and various industries across the globe. These attacks are costing victims more each year and becoming increasingly difficult to defend against. In addition, phishing attacks seem to have a more advantageous future than ever before. Given the increase in cloud-based sharing and apps like Microsoft Teams and Dropbox, cyber attackers can easily exploit an email account and gain access to apps that hold crucial information.
Credential Harvesting
54% of phishing attacks are done for credential harvesting. The purpose of credential harvesting is to lure victims into sharing their personal information. Those credentials are most likely to be linked to their bank accounts, email accounts, or they could even be the victim’s social security number or credit card details.
Business Email Compromise (BEC)
20.7% of attacks are carried out via BEC. Why? Because it is simple for hackers to mimic a company or a person which they are not. BEC is a hard form of imitation to catch. Also, such phishing emails are simple and to the point. Something that will not throw away a potential target.
Impersonation Attacks
There are three main types of impersonation: User, Domain and Brand. Attackers impersonate anyone with authority, it could be a CEO or CFO or a renowned brand. Hackers change the sender email address on the email’s header section to fool the target. The impersonation can be anything believable, anything that can convince the victim to divulge data or information.
Extortion
As the name suggests, these types of phishing attacks are out for money. This method involves a high-pressure email, asking the victim to pay, often in Cryptocurrency, in exchange, the cybercriminal will not expose or arrest the victim for some made-up unethical or immoral act. Extortion phishing attacks work more often than you would think, as each attack is built to target a specific victim and the attackers pretend to have some intimate information on them.
Image Source- Avanan 1H Cyber Attack Report
With the number of phishing attacks growing at an increasingly rapid rate, it does not appear to be going anywhere soon. Cyber attackers will continue to compromise vulnerabilities in your existing security systems, and they will continue attacking industries that have poor defenses. One way to overcome these attacks is with phishing training, at least twice a year, given the rate at which phishing tactics develop.
https://www.avanan.com/blog/avanan-releases-1h-2021-global-phish-cyber-attack-report
For more news and updates, visit https://blog.excellimatrix.com/
You can also reach us out on Facebook, & LinkedIn or Contact us
