Europol Finds Majority of Attack Groups Rely on Spear Phishing as Primary Infection Vector

A new report from Europol’s European Cybercrime Center (EC3) breaks down how targeted phishing attacks are being done, and how to avoid becoming a victim.

It’s important for organizations to understand the tactics used by cybercriminals, so that proper defenses can be propped up. The more closely aligned your layered security strategy is to attack tactics, the more successful your strategy will be.

So, when a report like Europol’s Spear Phishing: A Law Enforcement and Cross-Industry Perspective breaks it down for you, it’s a good idea to take notice. Built upon insights from 70 global financial institutions, this report provides solid insight into how attacks are happening.

According to the report,

• Spear-phishing is heavily used; in 65% of targeted attacks, spear-phishing is used as the primary attack tactic
• In data breaches, phishing accounts for 32% of the attacks
• Phishing is present in 78% of all cyber incidents

In short, phishing and spear-phishing are some of your worst enemies.

Given that half of all malicious email attachments are office files, according to Europol, it means – in general – users need to interact with these attachments for them to have any effect. So, it makes sense that one of the aspects of your security strategy needs to be user Security Awareness Training to educate users on how to identify suspicious email content and to avoid clicking on attachments. Additionally, phishing testing of your users helps provide a feedback loop for the training, helping you identify where your “user security,” as it were, is weakest.