Phishing Attacks Increase by 54% as Initial Attack Vector for Access and Extortion Attacks



New analysis of threat activity for the first quarter of this year shows anyone with access to corporate email is now on the front lines of modern cyberattacks of all kinds.

The key to a solid cyber defense is knowing your enemy. It’s one of the reasons I spend so much time on this blog talking about industry reports – they provide insight into what threat actors are doing so you can know how to change up your cybersecurity strategy. In security vendor Kroll’s Q1 2022 Threat Landscape report, it appears that the kinds of attacks are shifting around in importance, but phishing attacks are playing a primary role.

According to the report, cybercriminals are changing their attack focus:

  • Ransomware attacks are down 30% from the previous quarter
  • Email Compromise is on the rise by 18%
  • Unauthorized access is down by 22%

It also appears that their initial attack vectors are changing their stripes:

  • Vulnerabilities are down by two-thirds to just 3% of attacks
  • Zero-day exploits are down by half to 13% of attacks
  • Valid accounts are up 233% to represent 10% of attacks
  • Phishing is now used in 60% of attacks as the initial attack vector, rising 54% from last quarter

Those last two jumps are important – notice how phishing rose dramatically and, while vulnerabilities and zero-day attacks declined, valid accounts also rose. Where did those valid accounts (no doubt, purchased from the dark web) come from? In most cases, they, too, were obtained using a phishing campaign intent on harvesting credentials.

So, as you look for the best way to shape your cybersecurity defenses to respond to shifts in attack methods, solutions that protect the user from malicious phishing attacks – as in the case of Security Awareness Training – are not only prudent, but necessary. Until we are all able to stop receiving malicious emails, we’re going to need to learn how to spot them to stop them.

