A spear-phishing study by security company Barracuda has found that a third of malicious logins into compromised accounts in 2021 came from Nigeria.
The finding was included in the report “Spear Phishing: Top Threats and Trends Vol. 7 – Key findings on the latest social engineering tactics and the growing complexity of attacks,” released by the company on Wednesday.
The report is based on Barracuda researchers’ analysis of “millions of emails across thousands of businesses” between January 2021 and December 2021.
Researchers observed: “A significant shift is underway as cyber-criminals move from volumetric to targeted attacks, from malware to social engineering, from operating as single hackers to forming organized criminal enterprises profiting from attacks that begin with a single phishing email.”
They found that 51% of social engineering attacks were phishing. Microsoft was the most impersonated brand, used in 57% of phishing attacks. Researchers found that approximately 500,000 Microsoft 365 accounts were compromised by threat actors in 2021.
One in five organizations had an account compromised in 2021, with employees at small enterprises more than three times more likely to be attacked. An average employee of a business with fewer than 100 employees will receive 350% more social engineering attacks than someone employed at a larger company.
A large increase in the popularity of conversation hijacking attacks was observed, with the volume of attacks exploiting this vector increasing by 270% over the year.
Researchers warned that email protection that relies on rules, policies, allowlists or blocklists, signatures and other types of traditional email security is no longer effective against the constantly evolving threat of socially engineered attacks, because hackers can trick users into taking actions such as sharing their credentials.
“Small businesses often have fewer resources and lack security expertise, which leaves them more vulnerable to spear-phishing attacks, and cybercriminals are taking advantage,” said Don MacLennan, senior vice president of engineering and product management and email protection at Barracuda.
“That’s why it’s important for businesses of all sizes not to overlook investing in security, both technology and user education. The damage caused by a breach or a compromised account can be even more costly.”