Spear Phishing from Trusted Sites Bypassing SEGs 65% of the Time

The rise of well-crafted spear phishing is the leading factor in the success of phishing attacks in 2021.

In an environment where cybercriminals use automation and AI to increase the likelihood of compromising a target, the once-reliable security strategies of Secure Email Gateways (SEGs), firewalls, and other anti-phishing protections are no longer adequate safeguards against rapidly evolving phishing tactics. For instance, spear-phishing delivered through legitimate cloud services can bypass traditional cybersecurity solutions. Since these attacks focus on a person, not the technology, success rates are higher, providing the attacker a lower-cost entry point into an organization.

According to Gartner, a dramatic increase in phishing attacks’ volume and success requires reevaluating security controls and processes. Additionally, the significant shift to remote working continues to fuel the adoption of cloud services and other collaboration tools beyond email, and these are likely to become additional attack vectors1.

Protecting users from these well-crafted spear-phishing attacks requires an anti-phishing toolbox that covers several attack vectors and goes beyond URL inspection and domain reputation.

As cyber criminals gather more user information through multiple communication channels, matching data to build detailed lists of targets and focus on delivering attacks through legitimate infrastructure, the likelihood of compromising a target is high. CISOs recognize these well-crafted spearing-phishing attacks are fast becoming their biggest problem. Spear-phishing has expanded to SMS, social networks, collaboration platforms, videoconferencing, and gaming services to make matters worse.

In the first half of 2021, SlashNext Threat Labs have seen phishing vulnerabilities increase, and the number of phishing attacks getting through SEGs, proxies, and endpoints are on the rise.

  • Up 65% of spear-phishing threats are getting through to user inboxes
  • 1:5 phishing to employee ratio
  • 18% of these users are in executive roles
  • 50% of these emails are sent from compromised accounts
  • 80% of these attacks were hosted on compromised websites or hosting providers

While these real-world statistics are not true for all, most security defenses do not stop 100% of phishing threats. By letting some threats into the organization, do you have a target on your back for ransomware, supply chain attacks, or intellectual property theft?

Join SlashNext Founder and CPO Atif Mushtaq, and SlashNext CEO Patrick Harr for Phish Stories 8: Spear Phishing from Trusted Sites on August 26th at 10 AM PT to explore the latest hacker techniques and how to stop these attacks from getting past current defenses. Register here

 

1: Gartner Market Guide for Email Security, Published 8 September 2020

 

Blog Subscription

It’s Time to Get Started with SlashNext

Experience the difference with broad phishing threat coverage and automated delivery.