Phishing attacks will keep rising in 2023. There was a 61% increase in the rate of phishing attacks in the six months to the end of 2022 compared to the previous year.
And, according to Verizon’s 2022 DBIR, the human element continues to be a key driver of 82% of breaches, and the Social Engineering pattern accounts for a large share of those breaches. Additionally, malware and stolen credentials provide a convenient second step once a social attack gets the actor in the door. These attacks continue to be split between phishing attacks and the more convincing pretexting attacks, which are commonly associated with Business Email Compromise (BEC).
Significantly, for the first time, studies highlight the following insights (Extract):
- 83% of organizations studied have had more than one data breach.
- 60% of organizations’ breaches led to increases in prices passed on to customers.
- 19% of breaches occurred because of a compromise at a business partner.
- €3.99 million is the average total cost of a data breach.
- €4.17 million is the average cost of a ransomware attack, not including the cost of the ransom itself.
- 19% is the frequency of breaches caused by stolen or compromised credentials.
- 12 years: Consecutive years the Healthcare industry had the highest average cost of a breach.
- 277 days is the average time to identify and contain a data breach.
- €4.51 million is the average cost of data breach with a phishing initial attack vector.
The Social Engineering pattern is dominated by phishing
Phishing dominates the Social Engineering pattern because the combination of low cost, high success rate and widespread use of technology has made it a preferred method:
- It is low cost and easy to execute, requiring only a computer and internet connection.
- It can be highly effective in tricking victims into providing sensitive information or clicking on malicious links.
- Phishing emails can appear to be from reputable and trustworthy sources, making it difficult for victims to differentiate between legitimate and fake communications.
- The success rate of phishing attacks is often high due to the human factor involved, as people can be easily manipulated by psychological tactics such as fear, urgency, and social proof.
- Phishing attacks can be easily customized and targeted, increasing their chances of success. Attackers can gather information about the victim to make the phishing attempt more convincing.
- The use of technology such as machine learning and artificial intelligence in phishing campaigns has made them more sophisticated and difficult to detect.
- Phishing attacks can occur on multiple messaging services, including email, instant messaging, social media, and text messages, making it easier for attackers to reach their targets.
- Phishing attacks can have far-reaching consequences, such as financial loss, identity theft, and the compromise of sensitive information.
- The lack of cybersecurity awareness and education among the general public makes it easier for phishing attacks to succeed.
Email is the most common malware delivery method
Email is the most common malware delivery method because it is a widely used and trusted form of communication. Attackers often use emails with malicious attachments or links to deliver malware to unsuspecting victims. These emails often appear to come from a trusted source and trick the recipient into opening the attachment or clicking the link, which can then infect their device with malware.
Additionally, the widespread use of email makes it an easy target for attackers, as they can potentially reach a large number of people with a single email:
- Malware can be disguised as important or urgent documents, leading people to open them.
- Email systems can be easily automated, making it simple for attackers to send large numbers of malicious emails.
- Some email systems have limited security measures in place, making it easier for attackers to get past them.
- People are often less cautious when opening emails compared to other forms of communication, making them more susceptible to falling for phishing scams.
- Email addresses can be easily obtained or guessed, giving attackers a target to send their malicious emails to.
Education, Finance, Manufacturing, Healthcare & Public Administrations are the top targeted industries
These industries are targeted because they often hold valuable and/or sensitive information and assets, such as personal data, financial information and critical infrastructure. Attackers can use this information for profitable gain or to disrupt operations, causing significant harm.
These industries also tend to have complex technology systems, making them vulnerable to exploitation by sophisticated attackers. Additionally, some of these industries, such as public administration, are responsible for maintaining essential services and therefore, a successful attack can cause widespread disruption.
The figures given below should be read from a global perspective. They only reflect incidents that were transparently reported by the affected organizations; the true scale is clearly much higher given the number of incidents that go unreported for reputational, financial or political reasons:
1. Education
In the education industry, sensitive information such as student records, financial information, and personal data is often stored. Attackers use phishing emails to trick individuals in the education sector into handing over login credentials or sensitive information.
- 1241 reported incidents, 282 with confirmed data disclosure. Those figures indicate a 23% success rate of attacks perpetrated which resulted in data loss and financial loss.
- Threat actors were listed as 75% external versus 25% internal.
- The compromised data was inventoried as personal data breaches (46%), credentials breaches (30%) and other breaches (24%).
2. Finance
Financial institutions hold sensitive information such as bank account numbers, credit card information, and personal data. Attackers use phishing emails to trick individuals in the finance sector into handing over login credentials or sensitive information, which can then be used to commit fraud or identity theft.
- 2337 reported incidents, 338 with confirmed data disclosure. Those figures indicate a 14% success rate of attacks perpetrated which resulted in data loss and financial loss.
- Threat actors were listed as 73% external versus 27% internal.
- The compromised data was inventoried as personal data breaches (44%), credentials breaches (25%) and other breaches (31%).
3. Manufacturing
Manufacturing companies hold sensitive information such as trade secrets, financial information, and supply chain information. Attackers use phishing emails to trick individuals in the manufacturing sector into handing over login credentials or sensitive information.
- 2527 reported incidents, 690 with confirmed data disclosure. Those figures indicate a 27% success rate of attacks perpetrated which resulted in data loss and financial loss.
- Threat actors were listed as 88% external versus 12% internal.
- The compromised data was inventoried as personal data breaches (39%), credentials breaches (27%) and other breaches (34%).
4. Healthcare
Healthcare is the top targeted industry for email phishing because it offers a wealth of valuable and sensitive information to attackers. This information, such as medical records, financial data, and insurance information, can be sold on the black market for a high price. Additionally, healthcare organizations often have less sophisticated security measures in place compared to other industries, making them more vulnerable to phishing attacks. Moreover, healthcare workers are often extremely busy.
- 849 reported incidents, 571 with confirmed data disclosure. Those figures indicate a 67% success rate of attacks perpetrated which resulted in data loss and financial loss.
- Threat actors were listed as 61% external versus 39% internal.
- The compromised data was inventoried as personal data breaches (36%), medical data breaches (28%), credentials breaches (18%) and other breaches (18%).
5. Public Administrations
Public administration entities hold sensitive information such as personal data of citizens, financial information, and confidential information. Attackers use phishing emails to trick individuals in the public administration sector into handing over login credentials or sensitive information.
- 2792 reported incidents, 537 with confirmed data disclosure. Those figures indicate a 19% success rate of attacks perpetrated which resulted in data loss and financial loss.
- Threat actors were listed as 78% external versus 22% internal.
- The compromised data was inventoried as personal data breaches (34%), credentials breaches (25%) and other breaches (41%).
North-America, Middle-East & European countries are regions with the highest average cost of a data breach
The United States was the costliest country for average total cost of a data breach for the 12th year in a row. The top five countries or regions with the highest average cost of a data breach were:
- The United States.
- The Middle East.
- The United Kingdom.
France and Italy respectively rank 7th and 8th in the index.
Top 2 attack varieties once the organization is compromised
Close to 80% of the second-step attacks, once the organization is compromised, are the use of stolen credentials and ransomware.
Use of stolen credentials refers to unauthorized access to an organization's information systems by an attacker who has obtained valid login credentials, such as a username and password.
Ransomware is a type of malware that encrypts an organization's data and demands payment in exchange for the decryption key. Once an organization is infected with ransomware, the attacker typically demands a ransom payment in order to restore access to the encrypted data. This type of attack can have significant consequences for an organization, including loss of access to important data and potentially large ransom payments.
Small organizations are not spared
When cybercrime makes the news, it is typically because a large organization has fallen victim to an attack. However, contrary to what many may think, very small organizations are just as enticing to criminals as large ones, maybe even more.
Large organizations have large resources, which means they can afford Information Security professionals and cutting-edge technology to defend themselves. Very small businesses, on the other hand, have very limited resources and cannot rely on trained staff.
Conclusion
Knowing that 9 out of 10 cyber attacks start with a phishing email, and that such attacks have been rising by 400% per year since the COVID-19 pandemic (FBI cyber crime report), securing email is one of the most important functions of any organization; it must be implemented judiciously so that no major problem arises. According to studies, 60% of organizations have lost, on average and worldwide, more than €4 million due to attacks and thefts in the company's infrastructure in the last two years. For the vast majority of these attacks, it all started with an email!
With this in mind, implementing email security is the primary starting point for preventing such incidents within your organization.
This article was initially published on 1 February 2023 by LetzRelay.