"Credential Phishing Attacks Skyrocketing, 265 Brands Impersonated in H1 2022"
Abnormal Security researchers discovered a 48% increase in email attacks over the previous six months, and 68.5% of those attacks included a credential phishing link. The researchers noted that in addition to posing as internal employees and executives, cybercriminals impersonated well-known brands in 15% of phishing emails, relying on the brands’ familiarity and reputation to convince employees to provide their login credentials. The researchers stated that social networks and Microsoft products were most common among the 265 brands impersonated in these attacks. The researchers noted that it’s easier for attackers to circumvent conventional security measures by compromising people rather than networks. LinkedIn took the top spot for brand impersonation, but Outlook, OneDrive, and Microsoft 365 appeared in 20% of all attacks. The researchers also found that over a third of credential phishing attacks involving brand impersonation targeted educational institutions and religious organizations. The researchers stated that there was a 150% year-over-year increase in BEC attacks, showcasing the increased threat of these most financially-damaging attacks. The researchers noted that BEC attacks target every industry, but advertising and marketing agencies remain the most at risk, with an 83% chance of receiving a BEC attack each week. The researchers also found that financial supply chain compromise is continuing at a steady pace, and adversaries are targeting nearly every size organization, with 89% of large enterprises receiving at least one vendor attack each week.