• United States



Shweta Sharma
Senior Writer

New cyberattack tactics rise up as ransomware payouts increase

Feb 28, 20234 mins

Although threat actors continue to use phishing, brand impersonation, and business email compromise (BEC) as common tactics, use of less familiar attack methods to infiltrate global organizations have picked up, Proofpoint says.

While phishing, business email compromise (BEC), and ransomware still rank among the most popular cyberattack techniques, a mix of new-breed attacks is gaining steam, according to a new report from cybersecurity and compliance company Proofpoint.

“While conventional phishing remains successful, many threat actors have shifted to newer techniques, such as telephone-oriented attack delivery (TOAD) and adversary in the middle (AitM) phishing proxies that bypass multi-factor authentication,” said Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, in a press release for the company’s 2023 State of the Phish report.  “These techniques have been used in targeted attacks for years, but 2020 saw them deployed at scale.”

The report is based on a survey of 7,500 employees and 1,050 security professionals across 15 countries, and in-house telemetry that monitored over 18 million end-user reported emails and 135 million simulated phishing attacks over a one-year period. The research revealed persistent gaps in cybersecurity awareness and hygiene that lead to attacks.

Ransomware, email-based attacks are top offenders 

In 2022, 76% of organizations were targeted by a ransomware attack, out of which 64% were actually infected. Only 50% of these organizations managed to retrieve their data after paying the ransom. Additionally, a little over 66% of respondents reported to have had multiple, isolated infections.

Almost all of the affected organizations (90%) had a cybersecurity insurance policy covering ransomware attacks, and most (82%) insurance companies agreed to pay the ransom, either in part or in full. The high percentage of companies having cybersecurity insurance is why a large number of organizations were willing to pay ransom, with 64% of those infected paying at least one ransom — a six-point increase from the previous year — according to Proofpoint.

The report highlights that US organizations polled — 89% of which suffered a ransomware attack — were more like to get hit by ransomware, compared to organizations in the other 14 countries in the survey, of which approximately all had cybersecurity insurance.

Only 24% of Canadian organizations surveyed in the poll filed a claim after a ransomware attack, owing to poor coverage in their policies. South Korea remained the least-attacked nation in the APAC region.

About eight in 10 organizations (84%) experienced at least one successful email-based phishing attack in 2022, with direct financial losses as a result increasing by 76% compared to 2021, according to the report.

Seventy-five percent of organizations worldwide reported an attempted business email compromise (BEC) attack last year. While English remained the most common language employed, companies in a few non-English nations witnessed a higher volume of attacks in their own languages, including organizations in the Netherlands and Sweden, which reported a 92% jump in such attacks; in Spain, with a 92% jump; Germany, with an 86% increase; and France, with an 80% increase.

Microsoft remained the top impersonated brand

Cybercriminals mostly abused Microsoft’s brand name in phishing attacks, with more than 30 million messages using its branding or mentioning  products like Office or OneDrive. However, other companies were also frequently impersonated by cybercriminals, including Amazon (mentioned in 6.5 million attacks); DocuSign (3.5 million); Google (2.6 million); DHL (2 million); and Adobe (1.5 million).

The large number of brand impersonation attacks is concerning, especially since 44% of the employees polled believe that an email is safe when it features familiar branding, and 63% think that an email address always belongs to the corresponding website of the brand.

The lack of knowledge and poor security habits among end users, whether they are working from home or in the office, are making organizations vulnerable to potential risks. Over 33% of the respondents were unable to differentiate among terms such as malware, phishing, or “ansomware, according to the survey.

New cyberattack threats rise

In the past year, there has been a significant increase in the number of telephone-oriented attack delivery (TOAD) and multifactor authentication (MFA) bypass phishing messages being sent every day. Proofpoint monitored over 600,000 TOAD attacks each day, with emails encouraging recipients to initiate a direct conversation with attackers via fraudulent “call centers.”

The pandemic-caused shift in job mobility and economic uncertainty has led to one in four employees leaving or switching jobs in the past two years. This makes data protection more challenging for organizations, with 65% of them reporting data loss due to the actions of insiders. Almost half of those who changed jobs (44%) confessed to taking data with them.

In a regional context, 71% of Europe, Middle East and African organizations lost data to insiders in 2022. German organizations were most likely to face insider attacks — with 18% reporting data loss due to insiders. With only 4% of UAE organizations reported losing data to insider attacks, businesses in that nation were the least likely to suffer an insider attack.

Additionally, American organizations were the most inclined (63%) to take disciplinary action against employees for unsafe behavior. Only 9% of respondents working in information security thought that implementing a consequence model was incompatible with the organization’s culture.