2024 State of Vishing Report
Cunning phish are on the rise, according to industry experts at Microsoft. Additionally, phishing attacks continued to be the top attack vector through 2018. While ransomware attacks have decreased by 60% since 2017, the cleverness of phishing attacks has been increasing. Don’t fear, there is still plenty of truly-cringeworthy phish assaulting your network, but you should be on the lookout for new, more thoughtful phishing attacks in 2019. As our industry’s defenses strengthen over time, malicious actors must seek new and inventive ways of targeting and exploiting our users. Some of these new phishing attacks do just that very effectively.
In the past, phish sent for financial gain were pervasive and popular, but now criminals are going for something even more valuable: your business. Over the course of 2019, be prepared to see an increase of phish targeting SaaS credentials over financial information. Phishing emails will appear in the form of Dropbox, Slack, G-suite, or Office 365 login pages, and the attackers are hoping to gain persistent access to an aspect of your network.
Additionally, 2019 will bring with it an increase in malicious payloads deployed through shared file services. As most email systems will scan for malicious links in an email, attackers are now using these trusted URLs to execute their attacks. Combine a malicious DropBox link with the above attack, where the criminal may have access to one of your user’s accounts, and this is a recipe for disaster for enterprise environments.
Finally, be on the lookout for more business email compromise phish, where a malicious actor begins an email exchange with an innocuous email to a key stakeholder in your organization. Once the exchange begins, the attacker’s foothold is in place and they will begin to grow the relationship. This type of phishing attack can be used in tandem with other social engineering attacks, such as vishing. Social-Engineer, LLC’s CEO, Chris Hadnagy, explains that many enterprises are feeling increasingly confident in their security postures due to strong firewalls and IPS. However, the evolution of industry security is matched by the evolution of the attackers’ means and mindset.
There are strategies to protect your network against ever-evolving phishing threats:
If you need assistance strategizing, improving, or implementing your enterprise-wide phishing education and awareness programs, be sure to get in touch. We are here to help! Social-Engineer, LLC are the only social engineering experts offering fully-managed phishing programs for your enterprise using our patented Phishing-as-a-Service (PHaaS®) methods.
Sources:
https://www.darkreading.com/attacks-breaches/phishing-attacks-evolve-as-detection-and-response-capabilities-improve-/d/d-id/1334109
https://www.forbes.com/sites/forbestechcouncil/2019/01/10/four-phishing-attack-trends-to-look-out-for-in-2019/
https://www.darkreading.com/endpoint/whos-at-greatest-risk-for-bec-attacks-not-the-ceo/d/d-id/1332711
https://www.social-engineer.com/not-all-phishing-programs-are-created-equal/
https://www.social-engineer.com/phishing-as-a-service-phaas/
In the rapidly evolving digital landscape, no entity is immune to the pervasive threat of cyberattacks. The security breach at MGM Resorts highlights the vulnerability of even massive organizations. As
SMiShing Attacks in the News In February 2024, 19.2 billion spam texts bombarded U.S citizens according to a recent report. As annoying as spam texts are, they are not always
