Cyberattacks are becoming riskier with digitization and the advances of the 4.0 Industrial Revolution. The main objectives of phishing attacks are data theft (85%) and financial gain (26%).

Positive Technologies’ Trends in Phishing Attacks on Organizations in the 2022–2023 report outlines that criminals can sell stolen sensitive information on the dark web, and information can be stolen to spy on an organization or country. 

The report found that over half of the phishing attacks targeted a specific organization, industry, or country. Government agencies recorded high attacks at 44%, while military enterprises witnessed 19%. Rounding out the top three primary targets of phishing attacks are organizations in science and education (14%.) 

The research focused on hacktivists who have become especially active amid the current geopolitical situation.

Moreover, phishing-as-a-service has become a common trend used by professional APT groups, savvy, independent attackers, and even newcomers without special knowledge or skills. 

While the majority of phishing attacks are carried out through email (92%), criminals also camouflage and use messaging apps (8%) as well as SMSs (3%.) Impersonating a company executive or employee is common, with the attacker only requiring the name and photo of the target organization’s executive or employee to perform their malicious activities.

“Phishing is mainly evolving through the automation of attacks with the help of AI tools,” says Alexey Lukatsky, Information Security Business Consultant at Positive Technologies. 

“AI tools are becoming increasingly popular and are used by cybersecurity experts to counter cyber threats and criminals to prepare and execute phishing attacks. Cybercriminals use AI to maintain engaging and relevant dialogues with their targets, generate convincing phishing messages, and create deepfakes of voices, images, and videos,” he added.

Research says that cyber-criminals often pose as contractors. They send fake reconciliation statements, invoices, contract renewal documents, and other data related to interactions between contractors.

Experts suggest that companies educate their employees on cybersecurity and conduct phishing simulations to prevent, detect, and respond to phishing attacks. They also recommend using mechanisms based on security solutions and sandboxes for mail traffic and protection against phishing, built into popular browsers or implemented through additional plugins. 

Updating software and granting minimal application privileges is also a means of safeguarding devices from cyber attacks.

The Innovation By Design Summit is in Doha on April 24. Attendance at the summit is by invitation only. Delegates can register here to receive their exclusive invite.