JULY, 2018

Phishing is one of the most common attack vectors used by cybercriminals because its techniques are simple but effective. This global epidemic is having a frequent negative impact on organisations of all sizes and across all industries.

One of the reasons phishing is so successful as an attack vector is that individuals are unable to tell the difference between an email from a trusted source and a phishing email. All it takes is a few unsuspecting or preoccupied users opening a malicious attachment or clicking on a malicious link to give threat actors access to sensitive data.

Cybersecurity awareness training is a vital investment: although staff are often considered the weakest link in the cyber fight, it is rarely considered that they can also be the strongest asset from a security perspective. A well-trained and vigilant user can stop an attack far more effectively than any technology solution can. The focus should therefore be on educating people in the organisation to become a layer of protection, rather than perceiving them as part of the problem.

Another reason for its success is that phishing emails can bypass spam filters, firewalls, and gateway security scans that still rely on signatures and email content scanning when analysing messages.

Hackers have come to realise that most email security providers offer signature-based and behavioural signature solutions that scan links and attachments. Malicious actors find their hacking tools and techniques relatively unchallenged by these defences, which are limited to following rules and are easily disrupted through spear phishing and social engineering.

Organisations are investing time and money in applying signature-based and behavioural signature solutions OR security awareness and training to help identify and report phishing emails. However, organisations are yet to realise that to minimise the risk of email phishing attacks, machines and humans must continuously work together.

Spear Phishing Increasingly Laser Designated

IRONSCALES analysed data to better understand the trends in email phishing, attacker patterns, phishing tools and techniques.

Key findings…

Approximately 77% of attacks targeted 10 mailboxes or fewer.

One-third (33%) of attacks targeted just one mailbox.

Blast Attacks Becoming More Micro-Targeted as Attackers Test Drip-Campaign Attacks
Key findings…

More than 47% of email phishing attacks lasted less than 24 hours.

Nearly 65% of email phishing attacks lasted for less than 30 days. 

Of the email phishing attacks that lasted more than 30 days, 35% spanned 12 months or more.

Machine Learning Expedites Detection to Remediation from Months to Seconds
Key findings…

55% of attacks were discovered in one minute or less.

75% of attacks were discovered in less than 5 minutes.

Majority of Targeted Attacks Bypass Email Filters
Key findings…

Almost 95% of email phishing attacks were highly-targeted campaigns, with the majority impersonating internal communication teams or individuals.

For every 5 brand-spoofed attacks identified by spam filters, approximately 20 spear-phishing attacks bypassed the safeguard and went undetected.

The insights into email phishing discussed in this blog are extracted from the IRONSCALES 2017 Trend Report: How modern email phishing attacks have organisations on the hook.

To better understand the trends in email phishing, attacker patterns, phishing tools and techniques and hacker preferences, read the full IRONSCALES report here: https://ironscales.com/trendreport2017/

IRONSCALES has pioneered an advanced anti-phishing threat protection platform that combines human intelligence and machine learning technology to automatically analyse, detect and remove malicious emails before and after they land in the inbox using a multi-layered and automated approach.
