In May through July, as many as 37 percent of cyber incidents could be traced to phishing.
That’s according to figures from ReliaQuest. Compared to the same three months a year earlier, the percentage decreases slightly. According to ReliaQuest, however, this is more of an anomaly than a downward trend. This is because cybercriminals like to use it to cleverly exploit what ReliaQuest calls the weakest link in the chain: humans. Phishing is simple, according to the company.
Despite its simple nature, there are several ways to optimize attacks for greater effectiveness. One popular method to increase the success rate of phishing is spearphishing, which occurs in 7.5 percent of cases. Internal spearphishing occurs primarily as a lateral movement technique. This form occurs after access to a legitimate user account is gained. Attackers then use the e-mail address, which is trusted by colleagues, to distribute rogue links or attachments. They can also use the accounts to distribute fake content via chat applications such as Microsoft Teams and Slack.
Login credentials on the street
ReliaQuest also pulls this a bit broader and sees that exposed login credentials are a significant threat to businesses: in 88.75 percent of cases, they were. This is a 29 percent increase from last year when it accounted for 60 percent of all reports. This type of report involves the combination of username and password being leaked in a public data breach or through sales on underground forums.
Tip: Huge database of sensitive info exposed to the internet