Pages

60 Percent of Extortion Attacks Now Use Phishing to Initiate Attacks

Cyber attacks have been on the rise for several years now, and by this point they have become an unavoidable phenomenon if you want to stay connected to the internet. With all of that having been said and now out of the way, it is important to note that malicious actors frequently change up their tactics because of the fact that this is the sort of thing that could potentially end up making them harder to predict, and this has led to a resurgence in phishing attacks.

Phishing attacks have become less successful in and of themselves, but a new report from Kroll that analyzed the threat landscape for the first quarter of 2022 revealed that they are being used more frequently as initial attack vectors. Vulnerabilities and zero day exploits used to be the main vectors for phishing attacks, but in spite of the fact that this is the case they are now only used 3% and 13% of the time respectively.

That represents a 67% decrease for vulnerabilities and a 50% decrease for zero day exploits. While that along with the 30% decrease in ransomware attacks might seem like a cause for celebration, other statistics from this report can dampen that mood. The use of valid accounts as initial attack vectors went up by an alarming 233%, and while they still only comprise 10% of all attacks this increase suggests that malicious actors are getting better at utilizing valid accounts by gaining access to them.

Phishing has seen a 54% rise in its usage, and it is now the initial attack vector for 60% of total extortion attacks with all things having been considered and taken into account. That might be why valid accounts are being used so much more often, and it explains why there has been an 18% increase in compromised emails.

Malicious actors have clearly gone back to basics after the business world started to mitigate their advanced techniques, so companies need to educate their employees about how phishing works. With initial vectors increasingly relying on phishing, it might become a much more dangerous attack form.
Read next: Paying the Ransomware Amount Often Doesn’t Get Businesses Their Data Back

No comments: