Cybersecurity is an increasingly important measure for small and medium enterprises. Last year we witnessed a scenario where cyber attacks caused a lot of damage, and the forecast for this year is even greater. In addition, with the second wave of the pandemic, many teams returned to the home office, generating a feeling of fear on the part of the managers and IT professionals, regarding Internet safety, as well as the remote access made to the companies' internal network.
Given this, new attacks have emerged, and many have been improved, as is the case with the progressively growing phishing Spear Phishing
In this article, you will see the main threats of spear phishing, some trends for this year and some ways to protect yourself.
What is spear phishing?
Imagine that you or an employee receive an email from one of the banks used by the company. In the email, there is a link to a page that seems to be from your own company asking you to make a password change for safety reasons. As the appearance is exactly the same as the bank, and you use it often, it seems all reliable, right? Wrong!
Emails like this can hide a Spear Phishing blow, which is a personalized attack, sent by email and targets a specific organization or individual.
The purpose of the invaders is to gain access to confidential information, sensitive company data or install any malware. This can happen simply, in one click for example, you can expose important data that your business would not like to lose.
The difference from spear phishing and its “predecessor” phishing is that it is particularly directed to a company or user, so it is harder to detect than common phishing.
Current scenario and trend of spear attacks
In a study released by Barracuda, showed that spear phishing attacks deserve a lot of attention. According to the study, 71% of Spear Phishing attacks have malicious links, where hackers use multiple tactics to disguise links and prevent the user from noticing. In addition, 12% of Spear Phishing attacks are attacks to compromise business email, leaving Offline's email server indefinitely.
Another interesting fact of the study is that last year (incredible) 72% of Spear Phishing attacks were related to COVID-19, using fake donations or donations to obtain victims' access data.
The attacks have been improved, as shown in the study, 30% of attacks that include a malicious link, expect an email response to generate confidence with their victim, and then send another email containing the link. Thus, the attack is harder to detect.
According to the FBI, phishing attacks cost companies more than $ 26 billion between 2016 and 2019. This number is expected to grow much higher for 2021.
COVID-19-related attacks
The pandemic scenario brought interesting opportunities to cybercriminals. In the early weeks of March 2020 alone, study researchers observed a 667% increase in the number of coronavirus -related phishing attacks. However, this number did not grow significantly during the rest of the year, but it did not completely disappear.
In the early days of the pandemic, hackers were able to take advantage of the uncertainty of the situation. But as everyone learned to live with their new reality, cybercriminals have turned their interest to other areas. This shows how quickly the attacks can adapt to current events.
Today, the number of COVID-19-related Spear Phishing attacks is low. However, it does not mean that other types of attacks are not effective. As we have seen earlier, hackers adapt and seek effective ways at all times, making strategies more elaborate, seeking more information that is relevant for the user to fall into the trap.
Employees x spear phishing
According to the survey, 87% of all last year spear attacks were sent during working hours. This makes it clear that the main target of hackers are companies and organizations that use emails as a form of communication and processes in their daily chores.
The relationship between phishing attacks with employees in companies is large, after all, inattentive and without proper training employees, click on malicious links and register personal or company data, often without even suspecting anything.
Therefore, companies are increasingly looking for safety tools on the Internet, such as blocking of access to websites considered harmful , as well as policies and training in internet security for teams.
How to protect yourself from spear phishing
As you have seen, organizations today face increasing threats of phishing attacks. In the case of Spear Phishing, the success rate is higher because it is a directed and very individual attack. However, there are effective ways to protect data from company and users.
The first way is to implement a policy of safe internet use in the business environment, establishing rules and morals to stay away from problems.
The second is to offer training to employees , identifying and exemplifying how cyber attacks occur and how they can be identified by users.
But there is one in the spot. None of these two provides full protection, after all, it is part of humanity to make mistakes, and at some point for inattention or in a hurry, an employee can click on a malicious Spear Phishing link and put all company data security at risk.
The ideal way to make all Internet access safe in the company is to leave this to technology. Internet access control systems like Lumiun Box , block websites considered harmful, adding an extra security layer to the company's network and leaving employees unable to access malicious links contained in Spear Phishing emails.
See how Lumiun Box works on a demonstration , or request a free test . Do not leave company data and information at the mercy of hackers on the internet.
Until later!
1 comment
Comments closed