Phishing assaults are con games that frequently employ social engineering to trick their victims into providing personal or financial information. One of the most prevalent phishing attack strategies is sending a message via email that appears to be from a reputable source but is actually from a phishing site. The phishing site usually imitates sign-in pages that ask for credentials and account information from the users themselves. Once the victim enters sensitive information on the phishing site, the attackers have immediate access to that data.
Phishers are getting better and better, and their attacks are getting more sophisticated. While the ultimate goal of Phishing hasn’t changed, the top spoofing targets have, and email filter-bypassing techniques have become more sophisticated than ever. Let’s look at some developments that have been shaking the whole country.
The Long-term Opportunity Offered by COVID-19
A phishing trend that initially appeared to be passing has turned into a pandemic-focused attack wave that has lasted for eight months. Vade Secure originally discovered COVID-19 phishing emails in March of 2020. The virus and subsequent global lockdowns were exploited by the first COVID-19-themed emails Everyone, from the WHO to state and federal health institutions, appears to have been spoofed at the beginning of COVID.
As the outbreak dragged on, the general population became more aware of the dangers, and hackers altered tactics. There have never been more people working from home than there are now, and hackers have jumped on the opportunity to take advantage of people who are in a vulnerable position. And among the myriads of reasons to hire a cybersecurity consultant, Phishing is among the top ones on the list.
Phishing for COVID-19
The COVID-19 phishing campaign is far from ended, regardless of the subject matter. Hackers will modify their ways to take advantage of the current circumstances as the world goes in and out of lockdown mode and businesses battle to stay afloat.
Now, more than ever, ransomware poses a severe threat.
In the year 2020, ransomware groups were very active. According to their findings, Kroll recently released a report stating that ransomware would be the most prevalent threat in 2020. According to Kroll’s research, among the most common malware in 2020, Ryuk, Sodinobiski, and Maze will account for 35% of all attacks, with 26% coming via phishing emails.
In 2020, the prevalence of ransomware was expected to rise across nearly all categories. CyberEdge Group estimates that in 2020, 62.4% of firms will have been hit by ransomware, up from 56.1% in 2019. By 2019, ransomware cost businesses $11.5 billion, and organizations hit by the virus paid the ransom in 57.5 percent of cases, up from 45.1 percent in 2019.
In 2020, ransomware targeted MSPs particularly aggressively. Coveware and NinjaRMM conducted a joint poll and found that 57% of MSPs saw an 11-20% client turnover rate due to a ransomware attack. 13% of MSPs reported a 50% or more churn rate. Cryptolocker, WannaCry, and CryptoWall were the most prevalent ransomware versions, according to MSPs.
The Reappearance of Emotet
As we near the end of the year, Emotet malware has made a comeback. Microsoft discovered a large-scale phishing campaign utilizing malicious URLs and attachments on July 17, and an alert was issued as a result.
Vade Secure saw an unusual rise in the number of unique Microsoft phishing attacks in August. Usually, Microsoft detects roughly 240 distinct phishing URLs on peak days, but on August 21, that figure jumped to 846.
Security agencies in Australia, Japan, France, and Italy sent alerts regarding Emotet activity in September. There was a significant rise in Microsoft phishing URLs around the same period, according to Vade Secure: 1,799 on September 1 and 1,151 on September 21. Vade Secure continued to detect waves of Emotet activity into October, especially on weekdays when employees are riveted to their inboxes. Malicious Word documents and phishing emails posing as a Microsoft Word update were used in the latest Emotet attacks.
Thread hijacking is a common phishing technique used in Emotet emails. Hackers inject themselves into email threads and pose as colleagues and connections to spread further infections via phishing links and attachments, including password-protected.ZIP files, thanks to tools like Outlook scraper.
If you haven’t done so previously, now is the time to begin phishing training. Users should receive immediate, contextualized instruction in addition to organized activity whenever they click on a phishing link. In Vade Secure for Microsoft 365, automatic phishing awareness training is provided by Vade Threat Coach. Finally, phishing attacks continue to target cloud services the most of any other sector.