Barracuda has released key findings of the ways spear-phishing attacks are evolving. The report, titled Spear Phishing: Top Threats and Trends Vol. 7–Key findings on the latest social engineering tactics and the growing complexity of attacks, reveals fresh insights into recent trends in spear-phishing attacks and what you can do to protect your business.
The report examines current trends in spear phishing, which businesses are most likely to be targeted, the new tricks attackers are using to sneak past victims’ defenses, and the number of accounts being compromised successfully. It also tackles the best practices and technology that organisations should be using to defend against these types of attacks.
An in-depth look at attack trends
Between January 2021 and December 2021, Barracuda researchers analysed millions of emails across thousands of businesses and identified some key takeaways:
An average small business employee with less than 100 employees will experience 350% more social engineering attacks than an employee of a larger enterprise.
- 51% of social engineering attacks are phishing.
- Microsoft is the most impersonated brand, used in 57% of phishing attacks.
- 1 in 5 organisations had an account compromised in 2021.
- Cybercriminals compromised approximately 500,000 Microsoft 365 accounts in 2021.
- 1 in 3 malicious logins into compromised accounts came from Nigeria.
- Cybercriminals sent out 3 million messages from 12,000 compromised accounts.
Sharing his insights on the report, James Forbes-May, Vice President, APAC at Barracuda Networks, said, “Cybercriminals do not discriminate based on the size of an organisation to conduct attacks. However, small businesses are extremely vulnerable to spear-phishing attacks because they collectively have a substantial economic value and often lack security resources or expertise. This gives the malicious attackers better opportunities to take advantage. That’s why it’s important for businesses of all sizes to prioritise investments in security, both in terms of technology and user education. After all, the damage caused by a breach or a compromised account can be devastating to smaller businesses.”