As their speedy exploitation of fears around the COVID-19 pandemic shows, cybercriminals adapt quickly to current events and new tactics. This in-depth report takes a look at the evolving trends in spear-phishing and the new ways attackers are tricking their victims.
Key findings
- 12% of spear-phishing attacks are BEC attacks
  Business email compromise (BEC) makes up 12% of the spear-phishing attacks analyzed, an increase from just 7% in 2019.
- 72% of COVID-19-related attacks are scamming
  In comparison, 36% of overall attacks are scamming. Attackers prefer to use COVID-19 in their less targeted scamming attacks that focus on fake cures and donations.
- 13% of all spear-phishing attacks come from internally compromised accounts
  Organizations need to invest in protecting their internal email traffic as much as they do in protecting from external senders.
- 71% of spear-phishing attacks include malicious URLs
  Hackers use multiple tactics to disguise malicious links and avoid detection by URL protection solutions.
- Only 30% of BEC attacks included a link
  Hackers using BEC want to establish trust with their victim and expect a reply to their email, and the lack of a URL makes it harder to detect the attack.
Overview of spear-phishing attacks
Researchers at Barracuda have identified 13 email threat types faced by organizations today. These range from high-volume attacks, such as spam or malware, to more targeted threats that use social engineering, such as business email compromise and impersonations.
Some of these attacks are used in conjunction with others; hackers often combine various techniques. For example, many brand impersonation attacks include phishing URLs, and it’s not uncommon to see conversation hijacking as part of business email compromise. Understanding the nature and characteristics of these attacks helps you build the best protection for your business, data, and people.
Traditionally, hackers focused on malware attacks, but in recent years they have shifted their efforts to ransomware and targeted phishing attacks with the goal of capturing user credentials.
Targeted spear-phishing attacks are growing in volume, complexity, and the impact they have on businesses. These carefully designed and targeted attacks have a much higher success rate getting through email security, landing in users’ inboxes, and tricking them into taking an action. This research focuses on trends associated with these social engineering attacks, the latest tactics and techniques used by cybercriminals, how these threats have evolved over time, and what organizations can do to prevent and block these attacks.
Barracuda researchers evaluated more than 2.3 million spear-phishing attacks between August and October 2020 that targeted more than 80,000 organizations around the world.