Email attacks are on the rise in 2022, with credential phishing making up the majority of the attacks. Credential phishing cyberattacks are ones in which hackers attempt to steal user credentials by posing as a known or trusted entity in an email, instant message or other channel. Such attacks are often preceded by a general phishing attack. But people have gotten better at spotting run-of-the-mill general phishing, so hackers have gotten more sophisticated.
Now hackers are impersonating, or “spoofing,” brands to seem more credible. Social networks, Microsoft products, and e-commerce and shipping providers are the most commonly spoofed brands. LinkedIn is #1 in social media for this purpose. People are used to getting emails from LinkedIn, so it makes for a good brand to spoof. Different industries get targeted with different brands, as well. Apparently, hackers have determined which brands work best on people from each industry. Clearly, someone is doing some big data analytics.
The best defense is to stop the phishing attacks before they reach a person’s inbox. But eventually some phishing emails will get through. Once the credentials have been stolen, it’s only a matter of time before a breach will follow.
In 2022, data breaches are down 15% for the first half of the year compared to 2021. But that is believed to be due to breach disclosures taking longer to report, rather than the actual number of breaches falling. At least the number of records being stolen or corrupted in breaches has fallen dramatically as organizations have gotten much better at plugging obvious configuration issues.
In response to that, hackers have started using double extortion. Not only are records encrypted in place, but they are removed, or exfiltrated, as well. This means that a viable backup no longer protects you from the ransomware. If data was only encrypted by ransomware, at least most, if not all, of it could be restored from a backup. But once the data is exfiltrated, only paying the ransom will prevent public disclosure.
The growth of cloud services and remote work has exacerbated these issues by introducing complexity to an organization’s network and more opportunity for human error. Remote users, in particular, are very vulnerable. Working remotely places much of the burden for cybersecurity in the hands of an individual who may not be cognizant of all the security issues and is physically removed from support. Besides, having more data and files in clouds results in more places where things can go wrong.
Ultimately, all this hacking effort is going to work at least some of the time. All the employee training and artificial intelligence content filtering is going to fail at some point. It’s just bad luck. This is why ComputerVault’s cybersecurity features are so valuable: they can actually prevent the user from reaching the malicious websites and resources even if they have been fooled by the phishing attack.