Social engineering attacks are on the rise. Current research shows how these attacks are evolving and that cybercriminals are increasingly targeting smaller businesses, expecting a better chance of compromising accounts and causing further damage. As these attacks intensify, organizations of all sizes need to be prepared for spear-phishing.
Here is an in-depth look at key findings:
– An average employee of a small business with fewer than 100 employees experiences 350% more social engineering attacks than an employee of a larger enterprise.
– Conversation hijacking grew almost 270% in 2021.
– 51% of social engineering attacks are phishing.
– Microsoft is the most impersonated brand, used in 57% of phishing attacks.
– 1 in 5 organizations had an account compromised in 2021.
– Cybercriminals compromised approximately 500,000 Microsoft 365 accounts in 2021.
– 1 in 3 malicious logins into compromised accounts came from Nigeria.
– Cybercriminals sent out 3 million messages from 12,000 compromised accounts.
There are five distinct categories of social engineering attacks – business email compromise, phishing impersonation attacks, extortion attacks, scamming attacks, and conversation hijacking. Below are further details about each of these attacks.
Business email compromise (BEC) attacks usually involve impersonating an individual inside or outside an organization. In 2021 they made up 9% of all socially engineered attacks, roughly the same share as the year before, but they grab a larger share of headlines: organizations in education, healthcare, commercial, and travel all fell victim, often losing millions of dollars. In a typical BEC attack the attacker impersonates an employee, usually an executive, and requests a wire transfer, gift cards, or a payment to a bogus charity. These messages usually carry no attachment or malicious link, so link and attachment scanning does not stop them; the control that matters is out-of-band verification of any payment or banking-change request.
Phishing impersonation attacks usually pose as emails from a well-known brand or service to trick victims into clicking a phishing link. They make up 51% of all socially engineered threats observed in the past year, and almost all of them contain a malicious URL. Phishing emails are nothing new, but attackers keep finding ways to get past link-protection technologies and land malicious payloads in users' inboxes: they shorten URLs, chain multiple redirects so the link that is scanned differs from the final destination, and host the lure on legitimate document-sharing sites whose domains have a good reputation.
Attackers are also increasingly using phishing as the initial-access stage of ransomware attacks. They impersonate well-known brands to lead victims to phishing sites and steal their login credentials. Once they have access to a company's accounts, they can deploy ransomware from inside the network, where it is less likely to be detected.
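The evasion tricks described above (shorteners, redirectors that carry the real target in a query string, lures parked on document-sharing hosts) can be triaged statically before any link is fetched. The script below is an added example, not code from the original page or from any vendor product; the shortener and document-sharing host lists and the sample message body are constructed for illustration, and nothing here touches the network. It unwraps URLs embedded in query-string values (including double-encoded ones) to find the real destination and reports the indicators a mail filter would want to score.

```python
"""Static URL triage for the phishing-evasion patterns discussed above.
Added example: host lists are illustrative assumptions, not a vendor feed."""
import re
from urllib.parse import urlparse, parse_qsl, unquote

# Assumed, illustrative host lists; a real deployment maintains these.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "ow.ly"}
DOC_SHARING_HOSTS = {"docs.google.com", "drive.google.com", "1drv.ms",
                     "sharepoint.com", "dropbox.com", "box.com"}

URL_RE = re.compile(r"""https?://[^\s<>"')\]]+""")
IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def _host_matches(host: str, suffixes: set) -> bool:
    """True if host equals, or is a subdomain of, any listed host."""
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)


def _nested_urls(url: str, depth: int = 0, limit: int = 5) -> list:
    """Collect URLs embedded in query-string values (open-redirector style),
    recursing into each one; no network access, depth-capped."""
    if depth >= limit:
        return []
    chain = []
    for _, value in parse_qsl(urlparse(url).query, keep_blank_values=True):
        candidate = unquote(value)  # second decode catches double-encoding
        if candidate.lower().startswith(("http://", "https://")):
            chain.append(candidate)
            chain.extend(_nested_urls(candidate, depth + 1, limit))
    return chain


def analyze_url(url: str) -> dict:
    """Return the evasion indicators found for a single URL."""
    host = (urlparse(url).hostname or "").lower()
    chain = _nested_urls(url)
    final = chain[-1] if chain else url
    hosts = [host] + [(urlparse(c).hostname or "").lower() for c in chain]
    indicators = []
    if _host_matches(host, SHORTENER_HOSTS):
        indicators.append("shortener")  # destination unknown without expansion
    if chain:
        indicators.append(f"redirect_chain:{len(chain)}")
    if any(_host_matches(h, DOC_SHARING_HOSTS) for h in hosts):
        indicators.append("document_sharing_host")
    if IP_RE.match(hosts[-1]):
        indicators.append("ip_literal_host")
    return {"url": url, "final_target": final, "indicators": indicators}


def triage_body(body: str) -> list:
    """Analyze every URL in an email body; keep only those with indicators."""
    results = [analyze_url(u) for u in URL_RE.findall(body)]
    return [r for r in results if r["indicators"]]


# Constructed sample body (not a real message).
SAMPLE_BODY = """Your mailbox is over quota. Review the shared document:
https://bit.ly/3abcXYZ
or open it directly here:
https://legit-news.example/redirect?u=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fd%2Fabc123%2Fedit%3Fnext%3Dhttp%253A%252F%252F203.0.113.7%252Flogin
Regards, IT Support https://www.example.com/help
"""

if __name__ == "__main__":
    for finding in triage_body(SAMPLE_BODY):
        print(finding)
```

A shortener can only be flagged, not resolved, without a network request; a production filter expands it with a redirect-capped HEAD request from a sandboxed host and then runs the same checks on the landing URL.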
Extortion attacks make up only 2% of the targeted phishing attacks observed in the past year. Most were sextortion emails, in which the attacker threatens to send sensitive or embarrassing content to the victim's contacts unless a ransom is paid; such messages typically quote a password leaked in an earlier breach to appear credible, although the attacker usually holds no such content. Demands are usually a few hundred to a few thousand dollars, payable in bitcoin, where the recipient is pseudonymous.
Scamming attacks take many forms, from claims of lottery wins, unclaimed funds, or undelivered packages to business proposals, fake hiring, donations, and other schemes. They tend to be less targeted than the other attack types described above, yet they represent 37% of all social engineering attacks detected in the past year and remain successful. Because attackers cast such a wide net, these threats cost victims hundreds of millions of dollars.
For example, hackers have used COVID-19 in their scams over the past couple of years. In early 2021 we saw an uptick in vaccine-related scams with fake offers for early access to vaccinations. By the end of 2021, cybercriminals switched tactics by focusing on selling COVID-19 tests to their victims.
Conversation hijacking, also known as vendor impersonation, is a targeted email attack in which cybercriminals insert themselves into existing business conversations or initiate new discussions based on information gathered from compromised email accounts or other sources.
Conversation hijacking is typically, though not always, part of an account-takeover attack. Attackers first phish login credentials and compromise a business account. They then spend time reading through the mailbox and monitoring it to understand business operations and learn about deals in progress, payment procedures, and other details. With that information, including internal and external conversations between employees, partners, and customers, they craft authentic-looking messages, send them from the compromised mailbox itself or from lookalike domains registered to impersonate a known partner, and trick victims into wiring money or changing payment details.
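The header-level signals of a hijacked conversation are concrete enough to check mechanically: a reply that arrives from a lookalike of a known partner's domain, a display name borrowed from a known contact but attached to a different domain, or a Reply-To that quietly diverts the thread. The code below is an added example, not from the original page or any product; the partner directory, the confusable-character table, and both sample messages are constructed. It also covers the case the text raises of mail sent from the genuine compromised mailbox, where the only header clue may be a diverted Reply-To.

```python
"""Header checks for conversation hijacking / vendor impersonation.
Added example; contact directory and sample messages are constructed."""
import email
from email.utils import parseaddr

# Assumed directory of known partner contacts: display name -> domain.
KNOWN_CONTACTS = {"Dana Reyes": "acme-supply.example"}
TRUSTED_DOMAINS = set(KNOWN_CONTACTS.values()) | {"corp.example"}

# Confusable substitutions common in typosquats (illustrative, not complete).
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l", "cl": "d"}


def _normalize(domain: str) -> str:
    """Fold lookalike substitutions so 'acrne-supp1y' compares as 'acme-supply'."""
    d = domain.lower()
    for src, dst in CONFUSABLES.items():
        d = d.replace(src, dst)
    return d


def _edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (single-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str, trusted=TRUSTED_DOMAINS, max_dist: int = 2):
    """Return the trusted domain this one imitates, or None if it is either
    exactly trusted or not close to any trusted domain."""
    domain = domain.lower()
    if domain in trusted:
        return None
    for t in trusted:
        if _normalize(domain) == _normalize(t) or _edit_distance(domain, t) <= max_dist:
            return t
    return None


def check_message(raw: str) -> list:
    """Return hijacking indicators found in one RFC 822 message's headers."""
    msg = email.message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    findings = []
    target = lookalike_of(from_domain)
    if target:
        findings.append(f"lookalike_domain:{from_domain}->{target}")
    expected = KNOWN_CONTACTS.get(from_name)
    if expected and from_domain != expected:
        findings.append(f"display_name_mismatch:{from_name}")
    if reply_addr:
        reply_domain = reply_addr.rpartition("@")[2].lower()
        if reply_domain != from_domain:
            findings.append(f"reply_to_diverted:{reply_domain}")
    if msg.get("In-Reply-To") and from_domain not in TRUSTED_DOMAINS:
        findings.append("reply_from_untrusted_domain")  # joins an existing thread
    return findings


# Constructed samples (not real messages). First: lookalike domain replying
# into an existing thread. Second: the genuine partner mailbox, presumably
# compromised, with the reply path diverted to an attacker-controlled domain.
SAMPLE_LOOKALIKE = """From: Dana Reyes <dana.reyes@acrne-supply.example>
To: accounts@corp.example
Reply-To: dana.reyes@acrne-supply.example
In-Reply-To: <thread-4471@acme-supply.example>
Subject: RE: Invoice 4471 - updated bank details

Please use the new account on the attached remittance form.
"""
SAMPLE_DIVERTED = """From: Dana Reyes <dana.reyes@acme-supply.example>
To: accounts@corp.example
Reply-To: dana.reyes@acme-supply.co
In-Reply-To: <thread-4471@acme-supply.example>
Subject: RE: Invoice 4471 - updated bank details

Please use the new account on the attached remittance form.
"""

if __name__ == "__main__":
    print(check_message(SAMPLE_LOOKALIKE))
    print(check_message(SAMPLE_DIVERTED))
```

When the message really is sent from the compromised partner mailbox and the attacker keeps Reply-To unchanged, these header checks see nothing unusual; that case has to be caught on the account side (anomalous logins, newly created inbox rules that hide replies, forwarding to external addresses) and by the business process of verifying any banking change by phone to a number already on file.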
Keep your employees educated and your company safe by staying aware of these threats. Contact us today at 502.262.2552 to learn more about how we can help educate your team and be your partner for both cybersecurity management and response to any cybersecurity incidents.