Credential phishing attacks more popular than ever
Phishing still appears to be the most cost-effective way for attackers to penetrate organizations' networks and applications. So it is no wonder that new Abnormal Security research indicates a 48% increase in email attacks over the past six months, with 68.5% of those attacks including a credential theft link. In addition to impersonating internal employees and executives, cybercriminals impersonated well-known brands in 15% of phishing emails to convince employees to hand over their login credentials.
As reported earlier, LinkedIn took the top spot for brand impersonation, while Outlook, OneDrive and Microsoft 365 appeared in 20% of all attacks. Particularly dangerous are phishing e-mails in which attackers create a sense of urgency; these are often the first step in compromising an employee's e-mail account (BEC – business email compromise). Once an attacker has access to an employee's mailbox, they can launch far more credible attacks against that employee's co-workers.
Furthermore, single sign-on will usually grant access to related internal applications as well, such as a customer support console, CRM or ERP system. Witness the recent attack on Twilio, where phishing was the initial technique and later allowed the attackers to reach an internal customer support application, further expanding the scope of the attack.
The key to the success of the vast majority of today's cyberattacks is still a set of strikingly simple social engineering techniques that ultimately rely on the human factor: the employee who gives the attacker an opening. Brand impersonation adds a further layer of credibility to those attacks, so it seems more reasonable than ever to focus on security awareness initiatives.
Learn more at Help Net Security.