Comcast: 9 out of 10 Attempts to Breach Customer Networks Start with a Phish

Comcast: 9 out of 10 Attempts to Breach Customer Networks Start with a PhishThe latest data from Comcast Business’ analysis of over 23.5 billion cyber attacks on their business customers shows the importance and role of phishing in attacks.

Over the years there has been a consistent mantra, where everyone agrees that “90-something” percent of cyber attacks start with phishing. There have been plenty of sources that corroborate this using percentages in the 90th percentile, but the overall message is phishing is your greatest Initial Access tactic.

The latest data in the 2023 Comcast Business Cybersecurity Threat Report continues to agree with the phishing sentiment, stating that 89.46% of cyber attacks on their customers begin with a phishing attack.

 2023 Comcast Business Cybersecurity Threat Report

As the report states, “It’s popular because it works.”

Of the 23.5 billion attacks, Comcast identified nearly 2 billion phishing attacks designed to gain initial access through harvesting credentials. In addition, they identified frequently-used malware intent on stealing credentials. 34% of such attacks used spoofed websites to steal credit card details and credentials, 60% used keylogger, trojan, and infostealer malware to obtain credentials, and 6% used malicious documents requiring user interaction.

Regardless of the methodology, the goal is clear – cybercriminals need credentials to gain initial access, to escalate privileges, to move laterally, and to access data. It’s equally clear that phishing is the method of choice to obtain these credentials, making it necessary for organizations to elevate their user’s state of vigilance – something taught with security awareness training – to avoid engaging with malicious content in emails that would trigger the beginning of a cyberattack, even if the goal is to just capture credentials.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Topics: Phishing

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews