Spearphishing seems to have become a "disproportionately successful" form of social engineering.
Barracuda Networks reports 2023 spear phishing trends.
Barracuda released its 2023 spear phishing trends report today, which describes spear phishing as having a disproportionately higher success rate than other email attacks. The researchers report: “These attacks make up only 0.1% of all email-based attacks according to Barracuda’s data but are responsible for 66% of all breaches. On the other hand, high-volume attacks such as spam and malware, make up 16% of emails but are only responsible for one-third of breaches.” According to the report, 50% of the organizations studied had been affected by a spear phishing attack in 2022, with 24% having at least one email account compromised through an account takeover. Researchers explain that when a spear phishing attack is successful, it can have severe effects: “55% of respondents that experienced a spear-phishing attack reported machines infected with malware or viruses; 49% reported having sensitive data stolen; 48% reported having stolen login credentials; and 39% reported direct monetary loss.”
Rules-based detection methods don’t seem to be effective.
Fleming Shi, CTO at Barracuda, asserts that rules-based traditional detection methods are too slow to be an effective mitigation method. “To help stay ahead of these highly effective attacks, businesses must invest in account takeover protection solutions with artificial intelligence capabilities. Such tools will have far greater efficacy than rule-based detection mechanisms,” said Mr. Shi. Barracuda’s study found that on average it took 100 hours to detect and counter a successful spear phishing attack (43 hours for detection, and 56 hours to repel the attacker from systems). Four days is a long time for an attacker to be in a network, and plenty of time for the attacker, or attackers, to exfiltrate sensitive information or stolen credentials.
Researchers find that mostly remote businesses have a longer response and mitigation time to spear phishing attacks.
Companies with more than a 50% remote workforce seem to be at a higher risk for spear phishing and, when the attacks occur, the mostly remote companies have a harder time mitigating the attack. Mostly remote companies reported receiving on average 12 malicious emails a day as opposed to the 9 per day that traditional workplace companies face. Additionally, the researchers found that companies with mostly remote employees required 118 hours to detect and respond to an event while traditional companies required 87 hours.
Recommended detection and mitigation techniques.
The researchers recommend that companies employ machine learning and artificial intelligence technologies to better adapt to the constantly evolving techniques of attackers. They also recommend utilizing account-takeover protocols: “Ensure scammers aren’t using compromised accounts in your organization to launch spear-phishing attacks. Use technology with artificial intelligence to recognize when accounts have been compromised and that remediates in real time by alerting users and removing malicious emails sent from compromised accounts.” Along with these new technologies, Barracuda recommends companies employ some traditional security measures such as multi-factor authentication and inbox rules that monitor for suspicious logins. While hardware- and software-based security is crucial to disrupting an attack while it is ongoing, it is also important to protect the part of these companies that spear phishing is targeted against: people. Employees require training to effectively spot suspicious emails and recognize when a link or file is suspicious. Additionally, employees should know what reporting methods they can use to spread the word about these attacks should they recognize one.