SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Advanced Persistent Threat Protection
#
Cybersecurity
#
Email Security
Phishing remains most dominant, fastest growing internet crime
Fri, 18th Aug 2023
Author image
By Shannon Williams, Journalist
Follow us

Phishing remains the most dominant and fastest growing Internet crime, largely due to the ubiquity of email and the ceaseless issue of human error that is preyed upon by today’s threat actors, according to the inaugural 2023 Phishing Threats Report from Cloudflare.

While business email compromise (BEC) losses have topped $50 billion, corporate organisations are not the only victims that attackers are after. The real implications of phishing go beyond Fortune 500’s and global companies, extending to small and local organisations as well as the public sector. 

For instance, in this year’s report, Cloudflare observed more email threats targeting political organisations. In the three months leading up to the 2022 US midterm elections, Cloudflare’s email security service prevented around 150,000 phishing emails from making their way to campaign officials.

Regardless of an organisation's size, industry or sector, the report revealed that threat actors who leverage phishing campaigns have two major objectives. First and foremost, the goal is to achieve authenticity and legitimacy in the eyes of the victim. Second, is to persuade victims to engage or click. 

These objectives are underscored by the key findings of the report, including:

  • Malicious links were the #1 threat category, comprising 35.6% of detected threats Identity deception threats are on the rise — increasing YoY from 10.3% to 14.2% (39.6 million) of total detections 
  • Attackers posed as more than 1,000 different organisations in over 1 billion brand impersonation attempts. The majority of the time (51.7%), they impersonated one of 20 well-known brands 
  • The most impersonated brand happens to be one of the most trusted software companies: Microsoft. Other top companies impersonated included Google, Salesforce, Notion.so, and more 
  • One-third (30%) of detected threats featured newly registered domains — the #2 threat category 
  • Email authentication doesn’t stop threats. The vast majority (89%) of unwanted messages “passed” SPF, DKIM, or DMARC authentication checks

“Phishing is an epidemic that has permeated into the farthest corners of the Internet, preying on trust and victimising everyone from CEOs to government officials to the everyday consumer,” says Matthew Prince, CEO at Cloudflare. 

“Email messages and malicious links are nefarious partners in crime when it comes to the most common form of Internet threats. Organisations of all sizes need a Zero Trust solution that encompasses email security - when this is neglected, they are leaving themselves exposed to the largest vector in today's threat landscape.”

The report is a culmination of data intelligence and security trends gathered from the 112 billion threats that Cloudflare’s global network blocks daily. Cloudflare evaluated a sample of more than 279 million email threat indicators, 250 million malicious messages, over 1 billion instances of brand impersonation (note that it is possible for one email to have multiple instances of brand impersonations), and other data points gathered from approximately 13 billion emails processed between May 2022 to May 2023. 

Additionally, this report is informed by a Cloudflare-commissioned study conducted by Forrester Consulting. Between January 2023 and February 2023, Forrester Consulting surveyed 316 security decision-makers across North America, EMEA, and APAC about the state of phishing.

Related stories
Smarttech247 & SentinelOne launch AI-powered cybersecurity for SMEs
GitHub's 2FA initiative helps secure software supply chain
Jason Haddix joins Flare as Field Chief Information Security Officer
AI tools linked to data exposure in 1 in 5 UK organisations
Trend Micro introduces AI-driven cyber risk management features
Top stories
Australian businesses fast-track Microsoft cloud adoption amid cyber threats
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity