Barracuda Research Reveals Dramatic Increase In Targeted Malicious Email Attacks

Announcement posted by Barracuda 03 Aug 2021

New report shows an average organisation experiences more than 700 social engineering attacks in a year

Highlights: 

  • An average CEO receives 57 targeted email phishing attacks each year
  • Cryptocurrency-related attacks grew by 192% between October 2020 and April 2021
  • 43% of phishing attacks impersonate Microsoft brands

Sydney – 3 August 2021 – Barracuda, a trusted partner and leading provider of cloud-enabled security solutions, has released a new report detailing the ways in which spear phishing attacks are evolving and who is being targeted.

The report, Spear Phishing: Top Threats and Trends Vol. 6 – Insights into attackers’ evolving tactics and who they’re targeting, provides fresh insights into recent trends in attacks and what can be done to improve protection against them.

Read the full report: https://www.barracuda.com/spearphishing-vol6

The report examines current trends in spear phishing, which employees are being targeted the most by different attacks, and the new tricks attackers are using to sneak past victims’ defences. It also tackles the best practices and technology that organisations should be using to defend against these types of attacks.

Evolving attack trends

Between May 2020 and June 2021, Barracuda researchers analysed more than 12 million spear phishing and social engineering attacks that had affected more than three million mailboxes at more than 17,000 organisations. Some of the key results include:

  • 1 in 10 social engineering attacks involve business email compromise (BEC)
  • There has been a noticeable shift from volumetric to targeted attacks
  • 77% of BEC attacks target employees outside of financial and executive roles 
  • 1 in 5 BEC attacks target employees in sales roles
  • IT staffers receive an average of 40 targeted phishing attacks in a year
  • Phishing impersonation attacks made up 46% of all social engineering attacks in June 2020 and grew to 56% by May 2021

The research found that, while extortion attacks made up only 2% of the total during the past year, the number reported actually increased by 78% on the previous 12 months and estimated losses were more than $US70 million.

Phishing impersonation, where a criminal pretends to be a legitimate brand, continues to be a popular tactic. During the 12 months covered by the research, Microsoft was used in 43% of phishing attacks. This was followed by WeTransfer (18%), DHL (8%) and Google (8%).

BEC attacks continue to target a variety of key roles within organisations. These include sales staff who experienced 19% of attacks, finance (13%), managers, directors and VPs (12%), and project managers (10%).

Recent rises in the values of major cryptocurrencies have led to this becoming a favoured angle for cybercriminals. Bitcoin increased in value by almost 400% between October 2020 and April 2021, and during the same period cyberattacks using impersonation techniques grew by 192%.

Crypto-related scam messages also tend to contain certain key terms, designed to instil a sense of urgency among intended victims. Common terms include ‘urgently today’, ‘nearest bitcoin machine’, and ‘day runs’.

Best-practice protection techniques

With the threats posed by phishing attacks set to rise even further, organisations should be taking a range of protective measures. These include:

  • Using artificial intelligence tools to spot suspicious attacks before they can be launched
  • Training staff about the types of threats in circulation and what they need to do to avoid becoming a victim
  • Reviewing internal policies and guidelines about how email messages are treated
  • Deploying account takeover protection as many attacks originate from compromised accounts

“Cybercriminals are getting sneakier about who they target with their attacks, often targeting employees outside the finance and executive teams, looking for a weak link in your organization,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda. “Targeting lower level employees offers them a way to get in the door and then work their way up to higher value targets. That’s why it’s important to make sure you have protection and training for all employees, not just focus on the ones you think are the most likely to be attacked.”

Resources: 

Download the full report: https://www.barracuda.com/spearphishing-vol6        

Read the blog post: http://cuda.co/49600

Read Vol. 1 - Best practices to defeat evolving attacks: https://www.barracuda.com/spear-phishing-report

Read Vol. 2 - Email account takeover and defending against lateral phishing attacks: https://www.barracuda.com/spear-phishing-report-2

Read Vol. 3 - Defending against business email compromise attacks: https://www.barracuda.com/spear-phishing-report-3

Read Vol. 4 - Insights into attacker activity in compromised email accounts: https://www.barracuda.com/spear-phishing-report-4 

Read Vol. 5 – Best practices to defend against evolving attacks: https://www.barracuda.com/spear-phishing-report-5

Read the e-book: 13 Email Threat Types to Know About Right Now: https://www.barracuda.com/13-threats-report

  

About Barracuda  

At Barracuda we strive to make the world a safer place. We believe every business deserves access to cloud-enabled, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data and applications with innovative solutions that grow and adapt with our customers’ journey. More than 200,000 organisations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level. For more information, visit barracuda.com.  

 

Barracuda Networks, Barracuda and the Barracuda Networks logo are registered trademarks or trademarks of Barracuda Networks, Inc. in the U.S. and other countries. 

 

ENDS