Cybercriminals are continuously expanding their toolkit by experimenting with new strategies and approaches in order to improve their effectiveness against both technological and human adversaries.
According to research released by Zix, attackers are increasingly adopting new tactics to target users. The research covered several examples and also examined numerous consistent attack techniques and patterns that tend to affect organizations across the globe.
“Cybercrime is exploding in 2021 and if there is anything that could be learned over the past year, it is that threat hunters are essential,” stated Troy Gill, Manager of Research at Zix.
“Companies cannot wait for potential threats to emerge but must proactively identify security incidents that may go undetected by automated security tools. As we enter into the back half of the year, we will continue to see phishing, Business Email Compromise (BEC) and ransomware attackers become more sophisticated and bad actors asking for higher bounties to release data they have compromised.”
The most common techniques employed by attackers:
-Customized phishing attacks are on the upswing: Between Q1 and Q2, phishing assaults increased in frequency and sophistication, with campaigns becoming particularly tailored to specific users through the use of CAPTCHAs and web certificate data. Many websites, such as Spotify and DocuSign, were utilized to attract consumers.
-New attack trends have surfaced: Email threats have grown in the first half of 2021, with 2.9 billion emails quarantined through June. URL and text-based cyberattacks increased steadily in the first half of the year, whereas email-based attacks dropped in the first five months before spiking in June.
-BEC (business email compromise) attacks have become the most extensively employed technique: Businesses were determined to be the most susceptible and sought after by attackers, according to the research. Hackers have been seen eavesdropping in on discussions from inside a hacked account before delivering more personalized messages in an attempt to extract financial data or passwords.