December 7, 2021 By David Bisson 2 min read

Security researchers detected an increase in both phishing campaigns and brute force attacks in the first half of 2021.

Vendor and Business Email Compromise Attempts Also Up

According to Abnormal Security, the volume of brute force attacks grew by 160% starting in May 2021 and ending in mid-June. This means that brute force attacks targeted 26% of all organizations per week on average during that period — more than double the rate (10%) for a typical week.

Some weeks registered a higher volume of attacks than others. In particular, the rate of attacks for the week of June 6 shot up 671% over the previous week’s average. Subsequently, nearly a third of all organizations found themselves targeted by brute force attacks that week.

Credential phishing attempts also increased in H1 2021. They rose from two-thirds of advanced attacks in Q4 2020 to more than 73% of attempts in Q2 2021.

Such growth highlights the fact that digital criminals can use a compromised email account to conduct secondary attacks. That threat includes vendor email compromise as well. In this case, attackers seize a vendor account and inject themselves into an ongoing email conversation. Then, they use that access to send fraudulent invoices or banking details under their control.

These types of attacks rose for the fourth consecutive quarter in Q2 2021.

And then there are business email compromise scams. This type of attack grew from 0.2 campaigns per 1,000 mailboxes at the beginning of the year to 0.41 campaigns by the end of June.

The Growing Speed of Phishing Attacks

The findings discussed above highlight the extent to which phishing attacks have become easier and cheaper to conduct.

No wonder then that the average phishing attack lasts an average of 21 hours. That breaks down to nine hours from when the first victim visits the campaign’s malicious domain to when the first detection comes in. After that, it’s another seven hours before detection rates of the phishing site peak. Another five hours account for the time where victims receive the link and browse the site.

At the same time, it doesn’t cost attackers all that much to conduct a phishing attack. They can purchase an email list between $50 and $500 on a dark web marketplace, for instance. Once they’ve bought it, they can then use the same list to launch other attacks.

How to Protect Against Phishing and Brute Force Attacks 

Organizations can protect themselves against credential phishing and brute force attack campaigns by cultivating a culture of cyber awareness. Specifically, they can use threat intelligence to educate their employees about some of the most recent phishing attacks targeting users. It’s important to use phishing simulations as part of this process. That way, you can test employees’ knowledge and provide follow-up learning modules where needed.

At the same time, organizations need to implement technical controls designed to safeguard their authorized accounts. They can do this by putting multi-factor authentication in place to prevent a set of compromised credentials from translating into a successful account takeover. They can also leverage single sign-on to reduce the pressure for employees to remember too many passwords for too many web accounts.

More from News

CISA warns about credential access in FY23 risk & vulnerability assessment

3 min read - CISA released its Fiscal Year 2023 (FY23) Risk and Vulnerability Assessments (RVA) Analysis, providing a crucial look into the tactics and techniques threat actors employed to compromise critical infrastructure. The report is part of the agency’s ongoing effort to improve national cybersecurity through assessments of vulnerabilities in key sectors. Meanwhile, IBM’s X-Force Threat Intelligence Index 2024 has identified credential access as one of the most significant risks to organizations.Both reports shed light on the persistent and growing threat of credential…

CISA launches portal to simplify cyber incident reporting

2 min read - Information sharing just got more efficient. In August, the Cybersecurity and Infrastructure Security Agency (CISA) launched the CISA Services Portal. “The new CISA Services Portal improves the reporting process and offers more features for our voluntary reporters. We ask organizations reporting an incident to provide information on the impacted entity, contact information, description of the incident, technical indications and steps taken,” a CISA spokesperson said in an email statement. “Reported incidents enable CISA and our partners to help victims mitigate…

FYSA – Critical RCE Flaw in GNU-Linux Systems

2 min read - Summary The first of a series of blog posts has been published detailing a vulnerability in the Common Unix Printing System (CUPS), which purportedly allows attackers to gain remote access to UNIX-based systems. The vulnerability, which affects various UNIX-based operating systems, can be exploited by sending a specially crafted HTTP request to the CUPS service. Threat Topography Threat Type: Remote code execution vulnerability in CUPS service Industries Impacted: UNIX-based systems across various industries, including but not limited to, finance, healthcare,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today