Although it’s good to stay optimistic for 2022, it’s difficult to deny that the main challenges the world has been facing since the beginning of the pandemic are still among us. Cyberattacks remain one of the key global threats in a world where an ever-increasing percentage of the workforce is shifting to working from home (WFH), leaving organizations more vulnerable than ever to a wide array of threats.
Of course, some threats are more worrying than others. And for people who use email (that would be an astounding four billion of us every day), the most pernicious attack is phishing. Indeed, 86% of organizations had at least one employee click a phishing link last year, according to Cisco’s 2021 cybersecurity threat trends report. On top of this, the stakes are getting higher: 2021 saw the highest average cost of a data breach in 17 years, up from $3.86 million in 2020 to $4.24 million. And there is no reason to believe these numbers will go down any time soon.
This raises the question: why? Why aren’t businesses already used to and prepared for these attacks? Why are cybercriminals still able to steal more data and money every year using what seems like an outdated technique?
In this blog we’ll try to provide some answers.
Phishing has never been more targeted
Regardless of how many cybersecurity layers your company covers (or at least tries to), the bottom line—and the greatest vulnerability—always remains the human factor. Before implementing security protocols, meeting various technical compliances, or installing all sorts of defensive software, the first step towards safety should be cybersecurity education delivered to all employees no matter their position in the company.
Untrained staff are the easiest prey for targeted phishing, also known as spear phishing. Quickly replying to an email that seemingly comes from a trusted source, like a vendor, the finance department, or even your company’s CEO, sounds like a no-brainer to most, but it can lead to dire consequences if done without appropriate caution.
Spear phishing attacks target data by creating an illusion of trust. So, staff need to learn to be wary of things like requests for a quick financial transaction, an e-signature, or any other sensitive information cybercriminals could find useful. Phishing emails can even mention the recipient’s name, job title, or any other information that can be casually found on social media—all while being structured like a regular business (or casual) email with no straightforward red flags.
Often these emails will have a link somewhere in the body—and how many times do we think before clicking on an email link? Apparently, not nearly enough. A 2021 report from FireEye found that spear phishing emails had an open rate of 70%, with 50% of recipients clicking on enclosed links (which is ten times the rate for basic, mass phishing).
It is clear that unless businesses step up and drive change, things can go even further downhill. Email will remain one of the main targets of increasingly sophisticated attacks in 2022, forcing companies to take essential security measures more seriously than before.
Clone phishing
As if advanced spear phishing wasn’t bad enough, cybercriminals have developed a next-level threat that can trick the most cautious users: clone phishing.
Imagine receiving a legitimate email with a link, then, a little while later, you receive an updated version of the same email. It can be anything—an invitation, a customer list, a refund notice—the content of the email stays mainly the same, only the links have been “updated”. Who would sense bad intentions there?
With clone phishing, cybercriminals are copying an authentic email that they have intercepted and replacing the genuine links with malicious ones, usually leading to malware installation. In the aftermath, it is not only the recipient who is at risk but also their entire contact list.
Naturally, this type of attack is especially vicious because it relies on the credibility of the original email and its sender. Users are advised to be extra careful when receiving emails with:
- Subject lines suggesting a time-sensitive matter (e.g., “Hurry”, “before it’s too late”, “expires on”)
- Emails that strongly emphasize that the recipient needs to access a link or a file
- Invitations to events or to collect rewards/promotions, especially if the email is re-sent
Most common malicious content and stolen data
As mentioned above, phishing emails usually contain attachments and/or links that compel the recipients to click on them. A 2021 Tessian survey found that PDFs are the most commonly used malicious attachments. This might be explained by the fact that PDF is a reliable and familiar format—it can also be used to hide malware links, run JavaScript, present fake invoices, and so on.
The same source suggests that there was a surge in malicious PDFs and Microsoft Office files as a consequence of the shift to remote work after the outbreak of the pandemic. However, it’s important to note that as people slowly start to return to offices and get used to the phishing storm that has affected all industries, attachments are becoming a less effective way to steal data. In fact, 76% of malicious emails in 2021 did not contain an attachment. The fewer the symptoms, the smaller the chance of detecting the problem (in time, that is).
Successful attacks intend to steal as much private, sensitive, business-critical information as possible. For criminals, stealing data is very similar to completing a puzzle—one where the pieces have different values. The top three types of data currently targeted by phishing attacks are:
- Credentials (passwords, PINs, account names, etc.)
- Personal data (full name, email and home addresses, etc.)
- Medical information
Credential theft stands head and shoulders above the others. According to Verizon’s 2021 DBIR report, SMBs were subject to 47% of data breaches (1,037 incidents, 263 with confirmed data disclosure)—and of the data compromised, credentials made up almost half (44%). In a world where at least 60% of business-related passwords fail to meet minimum security requirements, these numbers are a recipe for ongoing disasters.
How to stay safe?
We live in a dangerous world, but that is no reason to despair. There are proven ways to stay on top of phishing threats, no matter how complex. So, let’s quickly summarize them here:
1. Always check the URL
When in doubt, do not click. Hover your mouse over the link to see where it actually leads. If the address shown for the hovered link is not the same as the address the link text claims, do not click on it. If you accidentally click on the link, don’t enter any information on the website; simply close the browser window.
2. Look out for malicious email attachments
Be careful when receiving email attachments. Check the file first by saving it to your downloads folder and inspecting the file extension. If the file name ends in any of the following: .JS, .EXE, .COM, .PIF, .SCR, .HTA, .vbs, .wsf, .jse, it has a strong potential to be malicious and you should not click on it or try to open it.
Please note that these are only some of the more common dangerous extensions; there are many others you should be cautious about.
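The three manual checks above (hover target versus claimed address, risky attachment extensions) and the clone-phishing red flags listed earlier (urgent or “re-sent” subject lines) can be turned into a small triage script that a help desk or mail-security team runs over a reported message. The following is an added example and is not code from N‑able or Mail Assure; the message it inspects is constructed inline, the hostnames portal.example.com and login.example.net are invented, and the phrase and extension lists are taken only from this post, so they are illustrative rather than complete.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicators taken from the post: urgent / re-sent subject-line phrases (clone
# phishing section) and file extensions that should not be opened (step 2).
URGENCY_PHRASES = ("hurry", "before it's too late", "expires on", "re-sent")
RISKY_EXTENSIONS = {".js", ".exe", ".com", ".pif", ".scr", ".hta", ".vbs", ".wsf", ".jse"}
# Rough pattern for a hostname written out in the visible link text.
HOST_RE = re.compile(r"\b[a-z0-9.-]+\.[a-z]{2,}\b", re.I)


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html):
    """Step 1: the hover target (href) must match the address the link text claims."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real_host = (urlparse(href).hostname or "").lower()
        claimed = HOST_RE.search(text)
        if claimed and claimed.group(0).lower() != real_host:
            findings.append(f"link text claims {claimed.group(0)} but points to {real_host}")
    return findings


def check_attachments(msg):
    """Step 2: flag attachments whose file name ends in one of the risky extensions."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"attachment {name} has risky extension {ext}")
    return findings


def check_subject(msg):
    """Clone-phishing red flags: time pressure or a 're-sent' marker in the subject."""
    subject = str(msg["Subject"] or "").lower()
    return [f"subject contains urgent/re-sent phrase: {p}" for p in URGENCY_PHRASES if p in subject]


def triage(raw):
    """Run all three checks over a raw RFC 822 message and return the findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = check_subject(msg)
    for part in msg.walk():
        if part.get_content_type() == "text/html" and not part.is_attachment():
            findings.extend(check_links(part.get_content()))
    findings.extend(check_attachments(msg))
    return findings


def build_sample():
    """Constructed sample, not a real message: a 're-sent' invitation whose
    visible link claims one host while the href points to another, plus a
    double-extension attachment."""
    msg = EmailMessage()
    msg["From"] = "events@example.com"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "RE-SENT: Hurry, your invitation expires on Friday"
    msg.set_content("Your invitation link has been updated, see the HTML version.")
    msg.add_alternative(
        '<p>Please <a href="http://login.example.net/confirm">visit portal.example.com</a> to confirm.</p>',
        subtype="html",
    )
    msg.add_attachment(b"not really an executable", maintype="application",
                       subtype="octet-stream", filename="invitation.pdf.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print("FLAG:", finding)
```

The script reports each red flag separately rather than deciding "phishing or not", which is the right shape for a triage tool: a single mismatched link is a strong signal on its own, while an urgent subject line is only suspicious in combination with the others. The extension check looks at the last suffix only, which is exactly why a name like invitation.pdf.exe is caught even though it is dressed up as a PDF.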
3. Add powerful email security
Solutions like N‑able™ Mail Assure can help you safeguard your email from phishing attacks. Leveraging collective intelligence for inbound and outbound email security, Mail Assure uses data gleaned from monitoring more than 2 million domains under management. With near-100% filtering accuracy and 24/7 email continuity, Mail Assure processes that data in its protection engine and combines it with near real-time, pattern-based threat recognition and a variety of filtering technologies to help protect against spam, viruses, ransomware, malware, phishing attacks, and other email-borne threats.
Conclusion
The growth of phishing attacks over the past couple of years has shown how effective targeted and topical attacks can be. The sheer availability of information online allows criminals to shift from a mass approach to sending tailored emails that have a considerably higher chance of succeeding. And as the technology becomes available to automate much of this reconnaissance, it is natural to assume attackers will take advantage of it.
Obviously, 2022 is expected to be yet another challenging year for cybersecurity specialists around the world. And while keeping staff educated and aware of the threats surrounding their work and privacy is an essential first step, deploying an efficient security solution is also a must.
If you’re searching for affordable and effective email security, N‑able Mail Assure is your answer here and now. Why not give it a try and provide your business with an extra layer of protection?
Nicolae Tiganenco is Product Marketing Specialist at N‑able
© N‑able Solutions ULC and N‑able Technologies Ltd. All rights reserved.