With 79 per cent of organisations using Office 365 and many more looking at migrating in the near future, cybercriminals are exploiting the tech giant’s popularity and trusted reputation to trick victims of their social engineering attacks.
This is according to Barracuda’s latest report, titled “Spear Phishing: Top Threats and Trends Vol. 6 – Insights into attackers’ evolving tactics and who they’re targeting”, which found that 43 per cent of all phishing attacks involve the impersonation of Microsoft brands.
The research also revealed that while CEOs and CFOs are the most targeted – on average receiving 57 and 51 phishing emails per year respectively – attackers are now broadening their sights with 77 per cent of Business Email Compromise (BEC) attacks now targeting employees outside of financial and executive roles.
“Cybercriminals are getting sneakier about who they target with their attacks, often targeting employees outside the finance and executive teams, looking for a weak link in your organisation,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda. “Targeting lower-level employees offers them a way to get in the door and then work their way up to higher value targets. That’s why it’s important to make sure you have protection and training for all employees, not just focus on the ones you think are the most likely to be attacked”.
Barracuda’s latest report draws from research conducted over the period of one year, between May 2020 and June 2021, which involved the analysis of more than 12 million spear phishing and social engineering attacks impacting more than 3 million mailboxes at over 17,000 organisations.
It examined current trends in spear phishing, including which employees are being targeted the most by different attacks, and the new tricks attackers are using to sneak past victims’ defences. The comprehensive report also details the best practices and technology that organisations should be using to defend against these types of attacks.
Key findings include:
- An average organisation is targeted by over 700 social engineering attacks each year, of which phishing accounts for the largest share (49 per cent), followed by scamming (39 per cent).
- 43 per cent of phishing attacks impersonate Microsoft, while WeTransfer (18 per cent), DHL (8 per cent) and Google (8 per cent) are also popular brands with attackers.
- 1 in 10 social engineering attacks is business email compromise (BEC).
- 77 per cent of BEC attacks target employees outside of financial and executive roles.
- 1 in 5 BEC attacks target employees in sales roles.
- IT staffers receive an average of 40 targeted phishing attacks in a year.