Abnormal Security released a report on the current email threat landscape and found a spike in credential phishing attacks over the last year. The research found a 48% increase in email attacks over the previous six months, and 68.5% of those attacks included a credential phishing link. In addition to posing as internal employees and executives, cybercriminals impersonated well-known brands in 15% of phishing emails, relying on the brands’ familiarity and reputation to convince employees to provide their login credentials. Most common among the 265 brands impersonated in these attacks were social networks and Microsoft products. LinkedIn took the top spot for brand impersonation, but Outlook, OneDrive and Microsoft 365 appeared in 20% of all attacks. Over a third of the phishing attacks targeted educational institutions and religious organizations. What makes these attacks particularly dangerous is that phishing emails are often the first step to compromising employee email accounts.
Proper security training is paramount: organizations need to teach employees how to spot targeted phishing attempts, and IT and security departments should tell employees how official communications will be carried out so that messages that break that pattern stand out. Educating users on how to spot phishing emails is always important, but it is becoming increasingly difficult for users to spot more sophisticated attacks. Email scanning is a helpful tool for recognizing and quarantining phishing emails, and malicious URL detection can block emails that include links to malicious content. Because of the escalating number of known and unknown vulnerabilities in modern computing systems, a defense-in-depth strategy that also uses post-exploitation detection approaches, such as those employed by Binary Defense’s MDR and Threat Hunting services, is highly recommended.
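As an added illustration of the email-scanning and malicious-URL-detection layer described above (example code written for this page, not a tool from Abnormal Security or Binary Defense), the following Python scanner parses a raw email, pulls out every hyperlink from its text and HTML parts, and flags two signals typical of the brand-impersonation credential phishing the report describes: a link whose host name contains a protected brand (LinkedIn, Microsoft products) but whose registrable domain is not one the brand owns, and a link whose visible anchor text shows one domain while the real destination is another. The brand-to-domain allowlist and both sample messages are constructed assumptions for the example; the `.example` domains are placeholders, and a production scanner would use the Public Suffix List rather than the two-label domain simplification used here.

```python
"""Added example: a minimal scanner for credential-phishing links in email.

Signals checked for every hyperlink in the message:
  1. lookalike domain: the host contains a protected brand name, but the
     registrable domain is not one the brand actually owns;
  2. display mismatch: the visible anchor text advertises a different
     domain than the href really points to.
"""
import re
from email import message_from_string
from email.message import Message
from urllib.parse import urlparse

# Brands named in the report as the most impersonated. The owned domains are an
# assumption for this example (the report lists brands, not domains); a real
# deployment would maintain this allowlist per organization.
PROTECTED_BRANDS = {
    "linkedin": {"linkedin.com"},
    "microsoft": {"microsoft.com", "office.com", "live.com"},
    "outlook": {"outlook.com", "live.com", "office.com"},
    "onedrive": {"onedrive.com", "live.com", "microsoft.com"},
}

ANCHOR_RE = re.compile(r'<a\b[^>]*?href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)
URL_RE = re.compile(r'https?://[^\s<>"\']+', re.I)
TAG_RE = re.compile(r"<[^>]+>")


def registrable_domain(host: str) -> str:
    """Last two labels of a host ('login.linkedin.com' -> 'linkedin.com').
    Simplification: a production scanner would consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def extract_links(msg: Message) -> list:
    """Return (href, visible_text) pairs from every text part of the message."""
    links = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skips multipart containers and attachments
        charset = part.get_content_charset() or "utf-8"
        body = part.get_payload(decode=True).decode(charset, "replace")
        if part.get_content_subtype() == "html":
            for href, inner in ANCHOR_RE.findall(body):
                links.append((href.strip(), TAG_RE.sub("", inner).strip()))
        else:
            for url in URL_RE.findall(body):
                links.append((url, url))  # plain text: the URL is its own display text
    return links


def classify_link(href: str, text: str) -> list:
    """Return the suspicious signals for one link (empty list if clean)."""
    findings = []
    host = (urlparse(href).hostname or "").lower()
    domain = registrable_domain(host)
    # 1. Brand name appears in the host, but the registrable domain is not the brand's.
    for brand, owned in PROTECTED_BRANDS.items():
        if brand in host and domain not in owned:
            findings.append(f"lookalike:{brand}")
    # 2. Visible text shows a URL whose domain differs from the real destination.
    shown = URL_RE.search(text)
    if shown:
        shown_domain = registrable_domain(urlparse(shown.group(0)).hostname or "")
        if shown_domain and shown_domain != domain:
            findings.append(f"display_mismatch:{shown_domain}->{domain}")
    return findings


def scan_message(raw: str) -> dict:
    """Scan one raw RFC 822 message; verdict is 'quarantine' if any link is flagged."""
    msg = message_from_string(raw)
    report = {"subject": msg.get("Subject", ""), "findings": []}
    for href, text in extract_links(msg):
        for signal in classify_link(href, text):
            report["findings"].append((href, signal))
    report["verdict"] = "quarantine" if report["findings"] else "deliver"
    return report


# Constructed sample messages (placeholder .example domains, not real senders).
PHISH_SAMPLE = """\
From: "LinkedIn" <notifications@linkedin-mail.example>
To: employee@corp.example
Subject: Your account has been restricted
Content-Type: text/html; charset=utf-8

<p>Sign in to restore access:</p>
<a href="https://www.linkedin.com.verify-login.example/session">https://www.linkedin.com/login</a>
"""

BENIGN_SAMPLE = """\
From: "IT Helpdesk" <helpdesk@corp.example>
To: employee@corp.example
Subject: Company page update
Content-Type: text/plain; charset=utf-8

The new company page is live at https://www.linkedin.com/company/corp-example
"""

if __name__ == "__main__":
    for sample in (PHISH_SAMPLE, BENIGN_SAMPLE):
        print(scan_message(sample))
```

Run as a script, the phishing sample is reported with both a `lookalike:linkedin` and a `display_mismatch` finding and a `quarantine` verdict, while the helpdesk message is delivered. Either signal alone is worth a quarantine or a warning banner, since a lookalike host with a matching display text is exactly the pattern that defeats users who have been trained to "hover over the link".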