Barracuda Study Uncovers How Cybercriminals Target with Spear Phishing

Barracuda, a provider of cloud-first security solutions, has released key findings about the ways spear-phishing attacks are evolving. The report, “Spear Phishing: Top Threats and Trends Vol. 7” includes findings on the latest social engineering tactics and the growing complexity of attacks. It reveals fresh insights into recent spear-phishing attacks and how to avoid them.

The report examines current trends in spear phishing, which businesses are most likely to be targeted, the new tricks attackers are using to sneak past victims’ defenses and the number of accounts that are being compromised successfully. It also tackles the best practices and technology that organizations should be using to defend against these types of attacks.

Between January 2021 and December 2021, Barracuda researchers analyzed millions of emails across thousands of businesses. Here are some of the key takeaways from their analysis:

  • An average employee of a small business with less than 100 employees will experience 350 percent more social engineering attacks than an employee of a larger enterprise.
  • Conversation hijacking grew almost 270 percent in 2021
  • 51 percent of social engineering attacks are phishing.
  • Microsoft is the most impersonated brand, used in 57 percent of phishing attacks
  • 1 in 5 organizations had an account compromised in 2021.
  • Cybercriminals compromised approximately 500,000 Microsoft 365 accounts in 2021.
  • 1 in 3 malicious logins into compromised accounts came from Nigeria.
  • Cybercriminals sent out 3 million messages from 12,000 compromised accounts

“Small businesses often have fewer resources and lack security expertise, which leaves them more vulnerable to spear-phishing attacks, and cybercriminals are taking advantage,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda. “That’s why it’s important for businesses of all sizes not to overlook investing in security, both technology and user education. The damage caused by a breach or a compromised account can be even more costly.”

Read the full report: https://www.barracuda.com/spearphishing-vol7