Cybercriminals are continuing to bypass the use of malware in favor of response-based and credential-centric social engineering attacks, according to new data from Agari and PhishLabs.
Malware-based attacks certainly are not dead, as threat actors need to gain control over endpoints, and ransomware continues to thrive. But new data from PhishLabs’ Quarterly Threat Trends & Intelligence Report shows that cybercriminals are favoring attacks that are less likely to be detected by security solutions, the greatest of which is vishing.
According to the report, hybrid vishing now leads over business email compromise (BEC) as the second most reported response-based threat, with one in four reported response-based attacks being a vishing attack.
Response-based threats, those attacks that rely on social engineering and require the interaction of a corporate user, represented 37.5% of email-based threats as well, with credential theft used in nearly 59% of attacks and malware delivery occurring in less than 4% of attacks.
This breakdown demonstrates the power and effectiveness of the use of social engineering tactics and the longer-term play by threat actors to gradually gain the access needed to compromise networks and breach data.
It also makes the case for Security Awareness Training to counteract such tactics, whether the medium is email, web, voice, or text. If users are not fully prepared for social engineering attacks, the trends outlined by the PhishLabs report indicate that cybercriminals will continue to win the battle, seeing more successful attacks via social engineering.