Phishing is one of the most popular tools attackers use to gain an unauthorized access to the organization network and resources.
In 2023, almost half (43%) of all successful attacks on organizations used social engineering, with 79% of these attacks carried out through email, SMS messages, social networks, and messaging apps. This indicates the effectiveness of phishing attacks, which not only entail reputational risks but can also cause significant financial damage [1].
In these articles we will analyze phishing attacks on organization worldwide conducted through email, SMS messages, social networks, and messaging apps based on a study made by our partner “Positive technologies” recently.
The study showed that the main two goals of phishing attacks are data theft (85%) and financial gain (26%) see figure1.
The study said that the majority of the phishing attacks carried out throw Emails (92%), however Phishing attacks can come from various sources like SMS or social media, which means that companies need to use security tools and educate employees on cyber hygiene.
On the other hand Attackers are continually modifying their techniques, complicating defense efforts.
More than half (56%) of the phishing attacks examined in this study were targeted at a specific organization, industry, or country. Most often, attackers target government agencies (44% of incidents with industry-specific targeting) and military enterprises (19%). Rounding out the top 3 primary targets of phishing attacks are organizations in the field of science and education (14%).
So that the organizations should improve their security systems and use the most recent technologies against those kinds of attacks, like NGFW, SWG, SASE, along with the detection and response solutions like EDR and XDR.