At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Vishing Makes Phishing Campaigns Three-Times More Successful

    Phishing emerged as the number one threat vector in 2021, but cases of vulnerability exploitation surged 33% year-on-year thanks to the impact of Log4Shell, according to IBM.

    The X-Force Threat Intelligence Index 2022 was compiled from billions of datapoints, including network and endpoint detection devices, incident response engagements and domain name tracking.

    It revealed that phishing overtook vulnerability exploitation as the top pathway for compromise globally last year, accounting for 41% of initial access attempts, up from 33% in 2020.

    Interestingly, click rates for the average targeted phishing campaign increased around three-fold, from 18% to 53%, when phone phishing (vishing) was also used by threat actors.

    In the UK, an estimated 80% of consumers received a scam call or text over the summer of 2021. Regulator Ofcom this week announced new measures which will demand more proactive work from operators to root out the use of spoofed numbers.

    IBM highlighted business email compromise (BEC) and ransomware actors as particularly prolific users of phishing during 2021.

    Despite dropping into second place, vulnerability exploitation remains a major threat to organizations. The number of incidents using this as an infection vector surged by a third year-on-year in 2021.

    “X-Force observed actors leveraging multiple known vulnerabilities, such as CVE-2021-35464 (a Java deserialization vulnerability) and CVE-2019-19781 (a Citrix path traversal flaw), to gain initial access to networks of interest,” the report noted.

    “In addition, we observed threat actors leverage zero-day vulnerabilities in major attacks like the Kaseya ransomware attack and Microsoft Exchange Server incidents to access victim networks and devices.”

    However, it was Log4j vulnerability CVE-2021-44228 (aka Log4Shell) which appears to have driven the vector’s rise in popularity in 2021. Despite only being disclosed in December, it was the second-most exploited bug over the whole year, the report claimed.

    This echoes findings from Fortinet, which revealed this week that Log4Shell was its most prevalent detection of the entire second half of 2021.

    “In less than a month, the Log4j RCE managed nearly 50 times the activity of 2021’s other darling, ProxyLogon, measured by peak 10-day average volume,” it said.

    Help your users spot these fake requests by running them through Security Awareness Training.

    With thanks to the Cyber Defence Alliance and InfoSecurity Magazine. The full story is here: https://www.infosecurity-magazine.com/news/vishing-phishing-three-times/

    Request A Demo: Security Awareness Training

    products-KB4SAT6-2-1

    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

    Save My Spot!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top