Barracuda research uncovers new insights into the ways cybercriminals are targeting businesses with spear-phishing attacks

Posted date: 2022-03-16 3:00 AM

New report shows that small businesses are three times more likely to be targeted than larger organizations

 

CAMPBELL, Calif., March 16, 2021  —  

 

Highlights: 

  • An average employee of a small business with less than 100 employees will experience 350% more social engineering attacks than an employee of a larger enterprise.
  • Cybercriminals sent out 3 million messages from 12,000 compromised accounts.
  • 1 in 5 organizations had an account compromised in 2021.
  • Cybercriminals compromised approximately 500,000 Microsoft 365 accounts in 2021.

 

Barracuda, a trusted partner and leading provider of cloud-first security solutions, today released key findings about the ways spear-phishing attacks are evolving. The report, titled Spear Phishing: Top Threats and Trends Vol. 7 – Key findings on the latest social engineering tactics and the growing complexity of attacks, reveals fresh insights into recent trends in spear-phishing attacks and what you can do to protect your business.

Read the full report: https://www.barracuda.com/spearphishing-vol7       

 

The report examines current trends in spear phishing, which businesses are most likely to be targeted, the new tricks attackers are using to sneak past victims’ defenses, and the number of accounts that are being compromised successfully. It also tackles the best practices and technology that organizations should be using to defend against these types of attacks.

 

An in-depth look at attack trends

Between January 2021 and December 2021, Barracuda researchers analyzed millions of emails across thousands of businesses. Here are some of the key takeaways from their analysis:

  • An average employee of a small business with less than 100 employees will experience 350% more social engineering attacks than an employee of a larger enterprise.
  • Conversation hijacking grew almost 270% in 2021.
  • 51% of social engineering attacks are phishing.
  • Microsoft is the most impersonated brand, used in 57% of phishing attacks.
  • 1 in 5 organizations had an account compromised in 2021.
  • Cybercriminals compromised approximately 500,000 Microsoft 365 accounts in 2021.
  • 1 in 3 malicious logins into compromised accounts came from Nigeria.
  • Cybercriminals sent out 3 million messages from 12,000 compromised accounts.

 

“Small businesses often have fewer resources and lack security expertise, which leaves them more vulnerable to spear-phishing attacks, and cybercriminals are taking advantage,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda. “That’s why it’s important for businesses of all sizes not to overlook investing in security, both technology and user education. The damage caused by a breach or a compromised account can be even more costly.”

 

Resources: 

Download the full report: https://www.barracuda.com/spearphishing-vol7       

Read the blog post: http://cuda.co/50710       

Read Vol. 1 – Best practices to defeat evolving attacks: https://www.barracuda.com/spear-phishing-report

Read Vol. 2 – Email account takeover and defending against lateral phishing attacks: https://www.barracuda.com/spear-phishing-report-2

Read Vol. 3 – Defending against business email compromise attacks: https://www.barracuda.com/spear-phishing-report-3

Read Vol. 4 – Insights into attacker activity in compromised email accounts: https://www.barracuda.com/spear-phishing-report-4 

Read Vol. 5 – Best practices to defend against evolving attacks: https://www.barracuda.com/spear-phishing-report-5

Read Vol. 6 – Insights into attackers’ evolving tactics and who they’re targeting: https://www.barracuda.com/spearphishing-vol6  

Read the e-book: 13 Email Threat Types to Know About Right Now:  https://www.barracuda.com/13-threats-report

 

  

About Barracuda  

At Barracuda we strive to make the world a safer place. We believe every business deserves access to cloud-first, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data and applications with innovative solutions that grow and adapt with our customers’ journey. More than 200,000 organizations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level. For more information, visit barracuda.com.  

 

Barracuda Networks, Barracuda and the Barracuda Networks logo are registered trademarks or trademarks of Barracuda Networks, Inc. in the U.S. and other countries.