Phishing Trend: Quality, Not Quantity?

iStock-1183143306 (1)A new report from CyberCube found that sophisticated cybercriminals are increasingly shifting to launching business email compromise (BEC) attacks against executives, Insurance Business reports. These targeted attacks require more effort than generic phishing spam, but the potential payoff is far higher.

A similar trend has been seen in ransomware attacks, where criminals are conducting more targeted and damaging operations and requesting ransom amounts tailored to the victim organization. Oliver Brew, CyberCube’s head of client services, stated that this is part of a larger shift within the cybercriminal landscape.

“The business model for cyber crime is evolving rapidly,” Brew said. “Threat actor groups are conducting campaigns and adjusting their models to extract greater value from a smaller number of attacks. Recently, we’ve seen some very sophisticated and aggressive organized criminal groups conduct carefully targeted ransomware attacks, which mark a move away from the traditional high-volume, low-value approach.”

CyberCube’s head of content, Yvette Essen, said that remote working conditions create more openings for attackers to get into an organization’s networks or to hijack conversations.

“Criminals are realizing that ransom demands of millions of dollars are achievable when the target becomes a corporation rather than lots of consumers,” Essen said. “The danger now is that the coronavirus outbreak is creating the ideal conditions for ransomware attacks to flourish. With widespread working from home, increased internet traffic, increasing use of technology for what were face-to-face transactions, corporations must increase their vigilance.”

Meanwhile, Darren Thompson, CyberCube’s head of cybersecurity strategy, noted that many ransomware attacks aren’t disclosed, so these incidents are far more common than people might think.

“It’s important to remember that the amount of ransomware attacks like Travelex which have gone public are just the tip of the iceberg,” he said.

Any organization can be targeted with ransomware or business email compromise attacks. New-school security awareness training can prepare your employees to defend themselves against social engineering tactics.

Insurance Business has the story:

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Ransomware Has Gone Nuclear Webinar

Get the latest about social engineering

Subscribe to CyberheistNews