2018 saw Phishing Attacks increased by 250%

Microsoft's new report found that there is increase in phishing attacks by 250% between Jan. and Dec. 2018. According to the SIR (Security Intelligence Report) Volume 24 of Microsoft, attackers have shifted their tactics and are targeting now-a-days multiple points of attacks under one campaign.

CEO of Lucy Security - test and training company of cybersecurity, Colin Bastable, said that "hacking is a multi-billion-dollar industry. If it was being run by one company rather than a mix of organized crime syndicates, lone wolves and governments, it would be comparable to a major NASDAQ tech business".

Unfortunately, malicious actors are able to find success by using new tactics, such as transitioning from URLs, servers and domains to dispersing of emails along with hosting phishing forms. Latest Security Intelligence Report of Microsoft noted that by adoption of both public cloud tools and hosted servers, the attackers have been able to disguise themselves more easily so that they give the impression of legitimate products or services.

Bastable stated that "these are smart, motivated people with not much to lose and a lot on the upside. They're ahead of most security vendors in the Cyber Security war, because the vendors play defense".

Microsoft's report evidences challenges that the CISOs as well as numerous vendor CTOs face, when they have to understand the various attack techniques and methods available to the hackers. The Media Trust's digital threat analyst, Usman Rahim, said that malicious actors are all the time on lookout for the new methods to hack machines and devices.

The report stated that "phishing, whether through email, malvertising, or any other channel, takes advantage of the fact that most consumers pay little attention to details and are likely to click on an email link, an ad, and enter sensitive information when prompted".

Threat actors were becoming more innovative, and are finding new methods to escape the detection. Best defense for the organizations is by taking a layered approach towards security involving employee training as well as collaboration with the digital supply chain partners. Internal threats are addressed by the former; whereas the latter addresses the risks residing within supply chain, majority of which falling under radar of most organizations.

» SPAMfighter News - 3/20/2019