Ironscales, a leading vendor of anti-phishing solutions, has published a new report on the latest phishing trends. The report shows how phishing tactics have changed, the effectiveness of phishing campaigns and how traditional anti-spam technologies are failing to block spear phishing attacks.
The report – titled ‘How Modern Email Phishing Attacks Have Organizations on the Hook’ – was the result of a study of 8,500 verified phishing attacks on 100 organizations affecting 500,000 mailboxes. Those organizations were spread across many industry sectors including healthcare, finance, energy and Insurance in North America, Europe, Africa and the Middle East.
Phishing emails used to be fairly easy to identify and block; however, the tactics used by cybercriminals today result in more phishing emails being delivered to inboxes. The volume of phishing emails has also increased. The Anti Phishing Working Group found there was a 65% increase in phishing attacks in 2016 compared to 2015. The use of phishing in cyberattacks has similarly increased. In 2016, a SANS institute report suggested 95% of all cyberattacks on organizations started with a spear phishing email.
The Ironscales report showed that cybercriminals are increasingly using spear phishing to attack organizations and are concentrating on quality over quantity. 77% of verified phishing attacks targeted 10 or fewer mailboxes while one third of attacks targeted a single mailbox.
These targeted email attacks often go undetected and are not blocked by spam filters. Ironscales determined that for every 5 brand spoofing attacks that were detected by spam filters, 20 went undetected. The most commonly spoofed brands were discovered to be DHL, Amazon and Google.
Ironscales found phishing attacks now tend to be short lived, with 47% of campaigns running for less than 24 hours and 65% lasting less than 30 days.
The latest phishing trends report from Ironscales shows cybercriminals are developing increasingly sophisticated phishing campaigns and are adopting new tactics to bypass defenses and get emails into inboxes. These sophisticated phishing attacks now represent the biggest cyber threat to organizations.
Ironscales says the combination of machine learning with human intelligence helps to detect threats faster and more effectively. Ironscales says “ Of the 100 Ironscales’ customers analyzed, 55 percent of organizations discovered attacks in one minute or less while 75 percent discovered attacks in less than 5 minutes. The false positive rate was as low as 2 percent on reported attacks.”