New data from Microsoft Security Insights sheds some needed light on exactly what the bad guys are doing and how they’re shifting tactics. Sometimes it feels like the bad guys are attacking from all sides, often making it difficult to determine which direction to point your defense efforts. According to the latest data from Microsoft, you may want to keep an eye on spear phishing.
Microsoft’s Security Insights provides insight into what attack trends are being seen. According to the latest data, the percentage of all emails that are phishing emails rose a whopping 74% in 2019 over 2018. But, what kinds of attacks are in use with these malicious emails? Microsoft’s data shows that Cryptomining is all but dead, use of malware is down 34% year-over-year, and ransomware detections are down as well.
So, what exactly is the plan here?
According to Mimecast’s latest Email Security Risk Assessment report, Business Email Compromise (BEC) saw a 269% increase! BEC leverages spear phishing to target the specific individuals within an organization that can be of “help” to ensure an attack is successful.
By looking at the Microsoft and Mimecast data, it becomes clear that while malware and ransomware are not going anywhere, the current trend – at least for the moment – seems to point towards lots of BEC scams and spear phishing as the attack vector. With the average BEC take at over $270,000, this attack is gaining ground.
Traditional detection-based defenses can only do so much, as BEC often uses social engineering over malicious attachments or links to do the dirty work. Your best defense is to empower your users with Security Awareness Training so they will be mindful that they need to be vigilant against BEC, lowering the risk of successful attack.