Malicious links now top cyber attack threat globally: Report
Hackers use malicious links as the top deception tactic, comprising 35.6 per cent of threats, and they’re getting more creative about how they get people to click on bad links, a new report showed on Wednesday.
Identity deception is also on the rise, with 39.6 million detected threats between May 2022 and May 2023, according to cybersecurity company Cloudflare.
“Attackers primarily impersonate the brands and entities we trust and rely on. In the majority (60.1 per cent) of cases, attackers pose as one just 25 organisations — including Microsoft, Google, Salesforce and Amazon,” the findings showed.
Attackers posed as more than 1,000 different organisations in over 1 billion brand impersonation attempts. The majority of the time (51.7 per cent), they impersonated one of 20 well-known brands.
Email authentication also doesn’t stop attackers from succeeding as the majority (89 per cent) of unwanted messages passed email authentication methods.
For the report, the team looked at more than 279 million email threat detections, 250 million malicious messages and over 1 billion instances of brand impersonations.
“Phishing is an epidemic that has permeated into the farthest corners of the Internet, preying on trust and victimising everyone from CEOs to government officials to the everyday consumer,” said Matthew Prince, CEO at Cloudflare.
One-third (30 per cent) of detected threats featured newly registered domains.
While business email compromise (BEC) losses have topped $50 billion, corporate organisations are not the only victims that attackers are after.
The real implications of phishing go beyond Fortune 500’s and global companies, extending to small and local organisations as well as the public sector, said the report.