The first half of 2021 shows a 22% increase in the volume of phishing attacks over the same time period last year. However, phishing volume in June dipped dramatically for the first time in six months, immediately following a very high volume in May.
This was revealed by the latest Quarterly Threat Trends and Intelligence Report from PhishLabs, a provider of digital risk protection solutions.
John LaCour, founder and CTO of PhishLabs, says threat actors continue to employ phishing to steal proprietary information, and are developing more sophisticated ways to do so based on growth in areas such as crypto-currency and sites that use single-sign-on.
“That said, it’s interesting to see the significant dip from May to June 2021. We’ll continue to monitor through the summer and analyse if we’re seeing a trend in the right direction, or if attackers simply took a summer vacation.”
The report also revealed that attackers are eyeing crypto, with this category experiencing an increase of phishing attacks 10 times greater than the same quarter the year before.
Worth noting is that a combination of brand, executive, and employee impersonation attacks accounted for more than half (54.7%) of all social media attacks on the crypto-currency sector.
“Threat actors are impersonating crypto-currency businesses to confuse customers and cash in on the sector’s skyrocketing growth in a medium where a majority of the industry’s communications takes place,” says LaCour.
The report also highlighted how social media is an increasing attack vector for organisations. Since the beginning of 2021, the average business experienced approximately 34 attacks on social media each month. However, by June this number rose closer to 50, representing a 47% increase through the first half of 2021.
Office 365 phishing is the top e-mail threat to corporate users, with 51% of credential theft attacks found in corporate inboxes during the second quarter targeting O365 accounts.
Similarly, single sign-on (SSO) is an increasingly compelling target for threat actors − 45% of phishing sites targeted accounts that are commonly used for SSO.
According to LaCour, these findings paint a highly specific picture of what attackers are targeting in order to get a foothold in corporate accounts.
“For one, as they’ve gained prominence, crypto exchanges are being targeted with many of the same cyber threats that larger, more established financial institutions have faced for years. Crypto firms need to be aware of and better prepared to deal with online impersonation and other scams.”
He adds that the continued increase in SSO attacks suggests that bad actors recognise that compromising an account used for SSO can give them access to many more secondary accounts that trust the SSO account for authentication.
“This makes these platforms a highly rewarding target, especially if they gain access to Office365 at the enterprise level. An in-depth approach combining technology, user education and operational processes is needed to combat this trend.”