Phishing is one of the most popular tools attackers use to gain an unauthorized access to the organization network and resources.
In 2023, almost half (43%) of all successful attacks on organizations used social engineering, with 79% of these attacks carried out through email, SMS messages, social networks, and messaging apps. This indicates the effectiveness of phishing attacks, which not only entail reputational risks but can also cause significant financial damage [1].
In these articles we will analyze phishing attacks on organization worldwide conducted through email, SMS messages, social networks, and messaging apps based on a study made by our partner “Positive technologies” recently.
The study showed that the main two goals of phishing attacks are data theft (85%) and financial gain (26%) see figure1.
The purpose of getting access to the data is to use this data or mainly to sell it and gain some money, Information can also be stolen for the purpose of spying on an organization or country.
The study said that the majority of the phishing attacks carried out throw Emails (92%), however Phishing attacks can come from various sources like SMS or social media, which means that companies need to use security tools and educate employees on cyber hygiene.
On the other hand Attackers are continually modifying their techniques, complicating defense efforts.
More than half (56%) of the phishing attacks examined in this study were targeted at a specific organization, industry, or country. Most often, attackers target government agencies (44% of incidents with industry-specific targeting) and military enterprises (19%). Rounding out the top 3 primary targets of phishing attacks are organizations in the field of science and education (14%).
The attackers aim usually trick victims into performing one of two actions: entering corporate credentials or downloading a malicious file onto their PCs, by sending them even a malware file or a fake form page to put the credential in it.
The cost of the ready-made phishing templets or projects can be between 15 $-5000 $, as we can find a ready SMS or Email phishing templet up to 100 $, for the ready phishing pages then price could reach the 1000 $, and foe the unique phishing services the price could be 5000 $.
There is a noticed increase in Phishing attacks nowadays especially with the AI technology integrated with many tools. Attackers are now using recent developments in their attacks, such as task automation, ready-to-use toolkits for preparation and execution, AI. All of these help reduce the costs of executing a cyberattack and accelerate the preparation and dissemination of phishing messages. As a result, the latest phishing attacks have reached a critical level of effectiveness, posing a new challenge to those on the receiving end.
So that the organizations should improve their security systems and use the most recent technologies against those kinds of attacks, like NGFW, SWG, SASE, along with the detection and response solutions like EDR and XDR.