Avanan announced the release of a report which analyzes today’s threat landscape, phishing vectors, and industry-based attacks, exposing healthcare and manufacturing as two of the top targets for cyberattacks in the first half of the year.
“With hospitals around the world being hit with ransomware attacks and manufacturers experiencing supply chain disruption due to cyberattacks, the Avanan research shows that hackers are using one of the most basic tactics to get in ‒ phishing attacks,” said Gil Friedrich, CEO of Avanan.
Top industry targets for cyberattacks
According to the research and analysis, the most attacked industries are IT, healthcare, and manufacturing. IT saw over 9,000 phishing emails in a one month span, out of an average of 376,914 total emails; healthcare saw over 6,000 phishing emails out of an average of 451,792 total emails; and manufacturing saw just under 6,000 phishing emails out of an average of 331,184 total emails.
These industries are the most targeted because they hold incredibly valuable data from health records to social security numbers, combined with the fact that healthcare and manufacturing tend to use outdated tech and often have non-technical board of directors. In healthcare, in particular, the industry is largely unprepared. Though every industry gets attacked, the ones that hold the most data are the most at risk.
- Because threats have gotten so advanced, AI is required to stop the majority of attacks missed by legacy solutions. Without the use of sophisticated AI, 51% of attacks would be missed and reach end-users.
- Impersonation and credential harvesting attacks remain top phishing vectors. Credential harvesting, 54% of all phishing attacks, has risen by nearly 15% when compared to 2019; 20.7% of all phishing attacks are Business Email Compromise (BEC); and only 2.2% of phishing attacks are extortion.
- Hackers are starting to target lower-hanging fruit rather than C-level executives. Now, 51.9% of all impersonation emails attempted to impersonate a non-executive in the organization. In fact, non-executives are targeted 77% more often.
- Misconfiguration is playing a rising role in phishing. Over 8% of phishing emails ended up in the user’s inbox simply because of an allow or block list misconfiguration, a 5% increase from last year, and 15.4% of email attacks are on an Allow List.
- The most commonly used tactic is using non-standard characters and limited sender reputation. Non-standard characters are used in 50.6% of phishing links and 84.3% of phishing emails do not have a significant historical reputation with the victim.
Cyberattacks will continue to explode with healthcare and education being hit hardest, predicting that attacks on the education sector will surge over the next six months with massive increases when school returns in the fall.
In addition, COVID related phishing emails will decrease, while office place related phishing emails will increase. As workers around the globe return to the office, there will be a spike in phishing attacks leveraging services like fax, scanners, copiers, targeting the things used in office life that sat dormant for the last year and a half.