Growth in phishing, changes in ransomware crews mark threat landscape


Phishing attacks continue to dominate the security landscape, though other avenues for cybercrime are seeing growth in popularity, according to a report from ReliaQuest.

In its latest quarterly threat report, the security vendor said that phishing attacks accounted for some 46% of all incidents its customers reported from August through October.

“Month after month, cybercriminals turn to phishing for initial access because it's simple, effective, and reliable. Unsurprisingly, threat actors prefer to ‘work smart, not hard’ to achieve their goals,” explained ReliaQuest.

“In addition, phishing kits that are readily available on cybercriminal forums enable even less sophisticated hackers to infiltrate systems successfully.”

Part of the problem, the ReliaQuest team found, is that in many cases workers are not being trained to recognize suspicious emails. Even when a company makes training a priority, high turnover rates add to the lack of recognition of suspicious email.

“Even if employees are properly trained to recognize the signs of phishing, the constant influx of untrained new hires creates opportunities for cybercriminals,” explained the researchers.

“Phishing often serves as the gateway to cyber attacks, opening the door to impactful follow-on activity like malware and ransomware deployment or access to internal networks, ultimately causing substantial financial losses.”

This is not a phenomenon isolated to ReliaQuest. A recent study by Cyber Risk Alliance similarly found that companies with high numbers of less-experienced and part-time workers considered themselves more vulnerable to phishing attacks and email-based security threats.

Other potential risks include a growing use of remote service attacks. In such cases, attackers exploit services such as Remote Desktop Protocol (RDP) or VPN services that companies are increasingly relying on to support remote users.

“Increased use of remote service solutions also means increased numbers of weak or default credentials, granting attackers easy access,” explained ReliaQuest.

“Moreover, RDP ports are often exposed to the internet, which allows threat actors to easily scan for open ports and launch brute-force attacks.”

It is not all good news for threat actors, however.

The researchers also noted a drop in activity from the popular LockBit ransomware, which they believe is due to increased police activity around the malware, both as a direct result of takedowns and as a result of decreased trust and confidence in the ransomware group due to it being in the crosshairs of police worldwide.

Shaun Nichols

A career IT news journalist, Shaun has spent 17 years covering the industry with a specialty in the cybersecurity field.
