Metrics in phishing and ransomware are skyrocketing; users continue to be the deciding factor in cybersecurity.
“Attackers don’t hack in, they log in, and people continue to be the most critical factor in today’s cyberattacks,” said Ryan Kalember, EVP of cybersecurity strategy, Proofpoint.
A new report out this month shows phishing attacks were up 440% in May, a new record for a single-month spike. Energy industries like oil, gas, and mining saw a phishing increase of 47% over the first half of the year, while manufacturing saw a 32% increase over the same period. Credential phishing was the most common type, accounting for two-thirds of attacks.
Hackers continue to find new and more sophisticated methods of attack. COVID-19 is still a popular phishing vector, but hackers are now turning to AI learning to target their victims. This new approach has been deemed smart phishing. Criminals are using intelligent malware to mine user behavior on mobile or desktop platforms. The data is used to spear phish a user on a service they regularly access.
Phishers are also using file-sharing platforms instead of email attachments. Most users understand that an email attachment from an unknown sender is dangerous. Criminals are exploiting the credibility of Dropbox and other file-sharing services to embed malicious links hosted on these platforms.
An increase in phishing results in an increase in ransomware. In the first half of 2021, ransomware demands increased by 518% and payments went up 82%. Matching the record set in phishing attacks, a new ransomware payment record was set at $570,000, up from $312,000 last year. The study also noted average payment amounts were up 171%.
Experts cite the global move to remote work as a large factor in the increase, as well as a lack of employee education on cybersecurity. “People aren’t learning from their cyber mistakes and, more concerning, they aren’t equipped with knowledge on how to prevent repeat mistakes,” says Grayson Milbourne, security intelligence director at Webroot. Educating employees and then testing that education with IT-controlled internal attacks continues to be an overwhelming factor in fending off hackers.
Quanexus IT Support Services for Dayton and Cincinnati