Remember the days when everything you had to protect was safely housed behind a first-generation firewall, before the proliferation of the cloud and sophisticated cyber threats? We heard that long sigh and we understand. We miss the ’90s too.
Advancements in technology since then have brought countless improvements to every aspect of our lives, but they’ve also created several ever-evolving threats that are nearly impossible to keep up with.
Identifying the most successful spear phishing attack strategies
In a bid to do just that, Barracuda recently took a deep dive into some of today’s most successful spear phishing strategies, through the inaugural quarterly spear phishing report. Over the course of three months, Barracuda studied 360,000 real spear-phishing emails and identified three major attack methods: brand impersonation, email compromise, and blackmail.
The findings were dissected to show what makes these attacks work, the flaws with traditional email security that let them slip through the cracks, and how organisations can better protect themselves.
The study found that brand impersonation is clearly the flavour of the month for today’s cyber criminals, and it is used in the vast majority (83 percent) of all spear-phishing attacks.
However, when it comes to email compromise, sextortion scams are on the rise, making up ten percent of all spear-phishing attacks. “Sextortion” involves attackers using passwords stolen in historical breaches as a ruse to persuade victims to pay a ransom in order to prevent a compromising video (which the attacker claims to have recorded via the victim’s computer) from being released. In fact, these blackmail attempts are twice as likely to be aimed at employees as email compromise is.
As if they weren’t dangerous enough, these evolving threats are also increasingly capable of evading detection. From the get-go, these phishing attempts waste no time in conjuring panic in victims by including security alerts, alluding to previously discussed issues, or including the recipient’s email address or password in the subject line.
When it comes to the emails themselves, criminals have adopted name-spoofing techniques, where the email account is altered to give the impression it has come from a company employee. This method can be especially effective when viewed from a mobile device.
Unsurprisingly, one in five of all attacks impersonate renowned financial institutions, with finance department employees being prime targets due to their involvement with, and ability to deal with, banks or other financial institutions.
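The name-spoofing and subject-line traits described above can be checked mechanically on inbound mail. The following is an added example, not code from Barracuda or its report; the organisation domain, the staff names, the signal labels and the sample messages are all constructed assumptions.

```python
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr

# Assumptions for this example: the organisation's mail domain and staff list.
ORG_DOMAINS = {"example.com"}
EMPLOYEES = {"Dana Whitfield", "Omar Reyes"}


def _norm(name):
    """Lower-case a display name and sort its tokens so 'Reyes, Omar' == 'Omar Reyes'."""
    return " ".join(sorted(name.replace(",", " ").lower().split()))


_STAFF = {_norm(n) for n in EMPLOYEES}


def spear_phish_signals(raw):
    """Return the list of suspicious traits found in one raw RFC 5322 message."""
    # policy.default decodes RFC 2047 encoded words, so an encoded display name
    # cannot hide from the comparison below.
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    subject = str(msg["Subject"] or "").lower()
    signals = []
    # Name spoofing: a staff member's name shown over an outside address.
    if _norm(display) in _STAFF and domain not in ORG_DOMAINS:
        signals.append("employee-name-external-sender")
    # Blackmail-style lure: the recipient's own address quoted in the subject.
    recipients = [a.lower() for _, a in getaddresses([str(msg["To"] or "")]) if a]
    if any(r in subject for r in recipients):
        signals.append("recipient-address-in-subject")
    return signals


SAMPLES = {  # constructed messages, not taken from the report
    "spoofed": 'From: "Reyes, Omar" <omar.reyes@example.net>\n'
               "To: dana.whitfield@example.com\nSubject: Quick request\n\nAt your desk?\n",
    "encoded": "From: =?utf-8?q?Omar_Reyes?= <ceo@example.org>\n"
               "To: dana.whitfield@example.com\nSubject: Invoice\n\nPlease pay today.\n",
    "blackmail": "From: Security Alert <alert@example.org>\nTo: dana.whitfield@example.com\n"
                 "Subject: dana.whitfield@example.com was accessed\n\nPay now.\n",
    "internal": "From: Omar Reyes <omar.reyes@example.com>\n"
                "To: dana.whitfield@example.com\nSubject: Lunch\n\nNoon?\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, spear_phish_signals(raw))
```

The check compares the decoded display name rather than the address, which is the part a mobile mail client typically shows.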
How can MSPs avoid these attacks?
These tactics are designed to evade traditional security solutions and, worse still, often succeed. This is understandable, particularly for SMEs. After all, how can they be expected to continually update and adapt their security measures to keep up with these fluid threats?
It’s unrealistic to expect SMEs to keep abreast of the right combination of technology, the right training measures, and the right knowledge of the expanding threat landscape – especially when they’re primarily focused on doing right by their mission-critical needs.
As luck would have it, finding the right solution from the right MSP can solve all this and more. Barracuda provides critical solutions built to detect and protect against spear-phishing in all its forms, with an MSP-dedicated technology suite that evolves and educates just as fast as the criminals.