Cybersecurity is an increasingly important measure for small and medium-sized companies. Last year, we witnessed a scenario where cyber attacks caused a lot of damage, and the forecast for this year is that it will be even greater. Furthermore, with the second wave of the pandemic, many teams returned to working from home, once again generating a feeling of fear on the part of managers and IT professionals, in relation to internet security, and also, remote access made to the internal network of companies. companies.
Given this, new attacks have emerged, and many have been improved, such as Spear Phishing , which has been growing progressively, and deserves special attention from the corporate public.
In this article, you will see the main Spear Phishing threats, some trends for this year and some ways to protect yourself.
What is Spear Phishing?
Imagine that you or an employee receives an email from one of the banks used by the company. In the email, there is a link to a page that appears to be from your own company asking you to change your password for security reasons. Since it looks exactly like the bank, and you use it frequently, it seems like everything is reliable, right? Wrong!
E-mails like this can hide a Spear Phishing scam, which is a personalized attack, sent by email, and targeting a specific organization or individual.
The attackers' objective is to gain access to confidential information, sensitive company data or install malware. This can happen in a simple way, in one click for example, it is possible to expose important data that your company would not want to lose.
The difference between Spear Phishing and its “predecessor” Phishing is that it is particularly targeted at a company or user, therefore it is more difficult to detect than regular Phishing.
Current scenario and trend of Spear Phishing attacks
In a study released by the company Barracuda, it showed that Spear Phishing attacks deserve a lot of attention. According to the study, 71% of Spear Phishing attacks have malicious links, where hackers use various tactics to disguise the links and prevent the user from noticing. Additionally, 12% of Spear Phishing attacks are attacks to compromise corporate email, leaving the company's email server offline indefinitely.
Another interesting fact from the study is that last year (incredible) 72% of Spear Phishing attacks were related to COVID-19, using themes such as fake donations or cures to obtain victims' access data.
Attacks have been improving, as shown in the study, 30% of attacks that include a malicious link, wait for an email response to generate trust with their victim, and then send another email containing the link. This makes the attack more difficult to detect.
According to the FBI, Phishing attacks cost companies more than $26 billion between 2016 and 2019. This number is expected to grow much higher in 2021.
Attacks related to COVID-19
The pandemic scenario has brought interesting opportunities for cybercriminals. In the first few weeks of March 2020 alone, study researchers observed a 667% increase in the number of coronavirus-related Spear Phishing attacks. However, this number did not grow significantly during the rest of the year, but it also did not disappear completely.
In the early days of the pandemic, hackers were able to take advantage of the uncertainty of the situation. But as everyone learned to live with their new reality, cybercriminals shifted their interest to other areas. This shows how quickly attacks can adapt to current events.
Today, the number of Spear Phishing attacks with COVID-19 themes are low. However, this does not mean that other types of attacks are not effective. As we saw previously, hackers adapt and look for effective ways all the time, making strategies more elaborate, looking for more information that is relevant for the user to fall into the trap.
Collaborators x Spear Phishing
According to research, 87% of all Spear Phishing attacks last year were sent during work hours. This makes it clear that the main target of hackers are companies and organizations that use emails as a form of communication and processes in their daily activities.
The relationship between Phishing attacks and employees in companies is great, after all, inattentive employees without adequate training click on malicious links and register personal or company data, often without even suspecting anything.
Therefore, more and more companies are looking for internet security tools, such as blocking access to websites considered harmful , as well as internet security policies and training for teams.
How to Protect Yourself from Spear Phishing
As you've seen, organizations today face increasing threats from phishing attacks. In the case of Spear Phishing, the success rate is higher, as it is a targeted and very individual attack. However, there are effective ways to protect company and user data.
The first way is to implement a safe internet use policy in the business environment, establishing rules and good customs to stay out of trouble.
The second is to offer training to employees , identifying and exemplifying how cyber attacks occur and how they can be identified by users.
But there is a catch. Neither of these two provides full protection, after all, it is part of humanity to make mistakes, and at some point, due to inattention or haste, an employee may click on a malicious Spear Phishing link and put the entire company's data security at risk.
The ideal way to make all internet access secure in the company is to leave it to technology. Internet access control systems such as Lumiun Box block websites considered harmful, adding an extra layer of security to the company's network and leaving employees unable to access malicious links contained in Spear Phishing emails.
See how Lumiun Box works in a demo , or request a free trial . Don't leave your company's data and information at the mercy of hackers on the internet.
Until later!
1 comment
Comments closed