Phishing attacks analysis finds worrying trends

An analysis by Positive Technologies experts of phishing attacks against organisations in 2022–2023 found that cyber criminals pose as contractors to target governments and defence.

As the phishing-as-a-service model has become common practice, experts predict an increase in the role of AI in both conducting and preventing attacks.

The analysis found that the main objectives of these attacks are data theft (85%) and financial gain (26%). A particular focus of the research on hacktivists revealed that they are especially active in the midst of the current geopolitical situation.

Their main objective is to harm a victim by any means possible, as was the case with the attack on Iran’s petrol stations last December.

Phishing-as-a-service has become commonplace, a trend Positive Technologies forecasted several years ago.

Today, phishing-as-a-service is used by professional APT groups, savvy independent attackers, and even newcomers without any special knowledge or skills.

Positive Technologies analysed messaging apps and forums on the dark web where social engineering was mentioned. The analysis showed that the most popular requests and offers were related to ready-made phishing projects, tools for conducting phishing attacks, and the development of phishing web pages.

The majority of phishing attacks are carried out through email (92%), but criminals can adapt to the particularities of the target company and use messaging apps (8%) and SMS (3%) to deliver their malicious messages.

Alexey Lukatsky, Information Security Business Consultant at Positive Technologies, said: “Phishing is mainly evolving through the automation of attacks with the help of AI tools.

“The AI tools are becoming increasingly popular and are used both by cybersecurity experts to counter cyberthreats and by criminals to prepare and execute phishing attacks. Cybercriminals use AI to maintain engaging and relevant dialogues with their targets, generate convincing phishing messages, and create deepfakes of voices, images, and videos.”

According to the research, criminals most often pose as contractors (26% of attacks).

Ekaterina Kosolapova, Information Security Analyst at Positive Technologies, added: “They send fake reconciliation statements, invoices, contract renewal documents, and other data related to interactions between contractors.

“This tactic is widespread because it is applicable to almost all organizations and legitimates the presence of links or attachments in the message. In 58% of attacks, such lures were sent without reference to a specific industry. However, this method is used more than any other in targeted attacks on medical, financial, industrial, and telecommunication organizations.”

To prevent, detect, and respond to phishing attacks, experts suggest that companies educate their employees on cybersecurity and conduct phishing simulations. They also recommend using reputation mechanisms based on security solutions like SWG (Secure Web Gateway), NGFW (Next Generation Firewall), and SASE (Secure Access Service Edge), as well as EDR (Endpoint Detection & Response) solutions and sandboxes for mail traffic and protection against phishing, built into popular browsers or implemented through additional plugins.

Basic cyberhygiene on personal computers and mobile devices should not be neglected either, such as regularly updating software and granting minimal privileges to applications.