Human hacking – phishing attacks across all digital channels – has dramatically increased in 2021. SlashNext released its first report showing a 51% increase in attacks compared to 2020, and increasingly these attacks are happening outside of email.
“The cybersecurity industry has done a good job of protecting machines, but those efforts leave the most porous and vulnerable parts of any network – the humans using it – unprotected,” said Patrick Harr, SlashNext CEO.
“Today’s hyper-targeted spear phishing attacks, coming at users from all digital channels, are simply not discernable to the human eye. Add to that the increasing number of attacks coming from legitimate infrastructure, and the reason phishing is the number one thing leading to disruptive ransomware attacks is obvious.”
People use apps and browsers to connect with work, family, and friends. Cybercriminals are taking advantage of this by attacking outside of email, through less protected channels like SMS text, social media, gaming, collaboration tools, and search apps.
Spear phishing and human hacking from legitimate infrastructure increased: in August 2021, 12% (or 79,300) of all malicious URLs identified came from legitimate cloud infrastructure, including AWS, Azure, outlook.com, and sharepoint.com – giving cybercriminals the opportunity to easily evade current detection technologies.
There was also a 51% increase in phishing in 2021 compared to 2020. That is on top of triple-digit growth in attacks in 2020 over the previous year.
In July 2021, more than one million malicious URLs were identified across all digital channels. A large percentage of those attempted attacks were targeted at those trying to access Olympics streaming sites.
Attacks have moved from email to unprotected channels including SMS text, social media, and more. The LinkedIn data breach made over one billion records available to cybercriminals, and spear phishing efforts are increasingly using that data to attack high-value targets.
Of the more than 14 million malicious URLs identified to date in 2021, 51% were credential stealing attempts. Cybercriminals use stolen credentials to gain access to networks, which is why spear phishing is behind 91% of all successful cyber breaches – including ransomware attacks, data theft, and over $30 billion of financial fraud.
Social engineering attacks have grown quickly in 2020 – growing to 40% of all attacks from 6% in 2020. This is because cybercriminals are increasingly shifting from email phishing to SMS, social, and web-based threats.
The shifting phishing landscape, combined with cybercriminals' access to automation, data, and intelligence, has quickly made human hacking the number one cyberthreat. Previous security strategies, including secure email gateways, firewalls, and proxy servers, are no longer stopping threats, especially as they move beyond email.
Security training and human intervention are not practical solutions to stop the threats because the level of sophistication makes most attacks either not discernible to the human eye or engineered enough to draw in the most informed person.