More than half of phishing attacks in 2022-2023 were targeted, meaning they were aimed at specific organizations, sectors or countries. Attackers focused mostly on government agencies (44% of all incidents in which an industry focus was tracked) and defense organizations (19%). The third most popular target of targeted attacks was businesses in science and education (14%). socialbites.ca learned about this from a report presented by Positive Technologies (PT) at the presentation “Cyber Security in Finance” at the Ural forum.
According to the research, in such attacks the attackers most often (26%) impersonate a counterparty. Phishers send victims fake reconciliation reports, invoices, contract renewal documents, and other data related to interactions with contractors.
“The popularity of this trick is explained by the fact that it can be applied to almost any organization and involves the presence of links or attachments in the message. In 58% of the attacks, such baits were found not to be tied to a specific sector. It is also the subject used more often in targeted attacks against medical, financial, industrial and telecommunications organizations,” said Ekaterina Kosolapova, an analyst from the research group of the information security analytics department of Positive Technologies.
The PT report also shows that most phishing attacks are carried out via email (92%), but criminals can adapt to the specifics of a business by using instant messaging (8%) and SMS (3%) to deliver malicious messages. A popular attack scenario is to impersonate an executive or employee of an organization across various communication channels. To create a fake profile for sending malicious messages, the attacker only needs to know the name and have photos of the head or an employee of the victim organization.