Analecta Cyber Company Blog: Phishing remains top attack vector for professional and novice criminals

2016-03-28

Phishing remains top attack vector for professional and novice criminals

According to a recent report from PhishLabs, phishing schemes remain the easiest as well as the most productive method for criminals to exploit organizations and individuals with the use of technology. The report identified this type of cyber attack as the most effective way in targeting potential victims. The report also emphasized some major developments in connection with phishing attacks that have emerged over the years.

A recent data breach which involving a phishing attack happened at Magnolia Health Corporation in California. In the early part of February, an attacker pretended to be the facility's CEO by sending a spoofed email. The email appeared to be legitimate because it contained the proper address and naming scheme used by the company. The spoofed email asked for all active employees' personal information. This event affected other facilities managed by Magnolia including Twin Oaks Assisted Living Inc., Twin Oaks Rehabilitation And Nursing Center Inc., Porterville Convalescent Inc., Kaweah Manor Inc. and Merritt Manor Inc.

BEC attacks

The attacker was able to get an Excel spreadsheet with employee numbers, full name, address, sex, date of birth, Social Security number, hire date, seniority date, salary/hourly status, salary/rate, department, job title, last date paid and assigned facility. The attack, classified as BEC, or Business Email Compromise/ Correspondence, is a more focused variation of the spear phishing type of attack.

The report of PhishLabs indicated that the use of BEC Spear Phishing attacks to target medical organizations stretched out immensely in 2015. It added that attackers ultimately evolved and developed a much more sophisticated technique which targeted new victims.

Their report also indicated that in 2015, about 22% of these kinds of attacks were motivated by scams involving money and the likes. Their analysis showed that it usually required very little effort from the attackers to implement BEC Spear Phishing scheme.

To conclude, around the globe, the US remained the main target of phishing attacks, accounting for up to 77%. The PhishLabs' report also noted that due to the rise of cyber crimes, organizations today are willing to spend more on the prevention, detection and response measures of their network system to these cyberattacks.