In our recent post on 2021 ransomware trends, we reported that email is far and away the most common delivery mechanism for ransomware, involved in 91% of cyberattacks, by some estimates. Of course, phishing emails can be used for many different types of attacks, not just ransomware. In this post, we’ll look at the latest trends in phishing attacks targeting enterprises. The news is not good.
Here are our takeaways from a recently issued report on Q2 2021 phishing attacks. For the report, hundreds of thousands of phishing and social media attacks targeting enterprises were analyzed.
Phishing Threat is Growing Fast
Phishing attacks continue to be popular with cybercriminals, and exceptionally unpopular with everyone else. The volume of phishing attacks in 2021 is running 22% ahead of 2020. This means that your users are likelier than ever to be targeted by a phishing attack, so it’s more important than ever to have strong defenses in place.
Common Single Sign-On (SSO) Accounts are Increasingly Targeted
Single sign-on can be a two-edged sword when it comes to cybersecurity. As long as the account and credentials used as the base are secure, it enhances security by reducing attack opportunities. On the other hand, if an SSO account is compromised, it provides access to many other accounts.
That’s why we’re seeing a significant increase in attacks targeting social media, webmail, cloud services, and eCommerce: Those sites are often used as the SSO logon for secondary accounts. You’ve probably received many offers to create an account and log in using your LinkedIn or Google accounts. If those accounts are compromised, the accounts they link to are also compromised. Attacks on accounts commonly used for SSO now account for 45% of all phishing attacks, up from 40% last quarter.
Compromising Legitimate Websites is the Top Staging Method
Many different methods are used by cybercriminals to stage phishing sites, including using free hosting services, paid or free domain registration, tunneling services, and more. Compromising existing sites is the favorite, used in 27.2% of the phishing attacks. Numerous software vulnerabilities have been discovered in leading Content Management Systems such as WordPress, which enable hackers to insert their malicious payloads into legitimate websites. This technique is popular among cybercriminals since users generally regard brand-name sites that they have visited before as safe, and will be less concerned about clicking a link to the site.
Credential Theft is the Biggest Threat
Malware was delivered in infected attachments less frequently than in the past, although 4% of phishing emails were still found to include malware-infected downloadable files. This drop may be a response to improved techniques for detecting and blocking email-based malware. Taking first place as far and away the biggest threat – comprising nearly 64% of the attacks – were attempts at credential theft, leveraging links to copy-cat sites where unsuspecting users “log in” to reveal their credentials.
Most other phishing emails (33%) were response-based attacks, such as Business Email Compromise (BEC), in which hackers try to convince a recipient to send money or take other actions they desire.
Protecting Your Organization from All Sides of the Phishing Equation
Remote Browser Isolation (RBI) applies a number of different isolation technologies and approaches to protect your organization from phishing, regardless of whether it’s your website, your users’ credentials, or your network that cybercriminals have in their sights.
First, RBI protects against malicious links in phishing emails that open infected sites and/or enable ransomware, downloaders or other malware to penetrate endpoints via user browsers. When a user clicks on an email link, RBI opens the URL in a virtual browser that is isolated in a cloud-based container. Safe rendering data is sent to the user’s endpoint browser where the user interacts with it just as they would do with the actual site – only no ransomware, other malware, or any code, for that matter, can reach the endpoint and run on the user device.
Web Application Isolation, an alternative RBI use case, reverses the isolation to protect websites from being exploited to stage malware attacks: Instead of isolating the user, it isolates the application or website, cloaking exposed surfaces so that web page code and APIs can’t be seen and altered.
Importantly, given the widespread use of phishing for credential theft, Ericom RBI opens new, uncategorized or other suspicious websites in read-only mode to prevent users from entering credentials or other sensitive data.
Finally, for attachments that are downloaded from websites or webmail apps, Ericom RBI applies built-in Content Disarm and Reconstruction (CDR), opening the file in isolation and removing any malware within before downloading the file to the endpoint, with desired functionality intact.
Phishing continues to be a major cybersecurity concern. Phishing attacks are more common than ever, and they are getting increasingly sophisticated. Relying on user training is not enough to prevent successful attacks. A recent study demonstrated that 24% of employees clicked through on the best-crafted phishing emails even after going through training, with click rates ranging from 1% to 5% for more run-of-the-mill phishing emails.
When it comes to email and the web, the Zero Trust maxim of “never trust, always verify” is tough to achieve. As a safe way to access resources that are inherently unverifiable, remote isolation represents an essential technology for today’s digital organizations.