It’s been a year since states first enacted shelter-in-place orders and most employees began working from home, outside their office networks. In 2020, phishing attacks grew 42%, according to new data in SlashNext’s State of Phishing 2021 report. The average cost of a corporate breach was $2.8 million, making phishing an urgent issue.
What were once spray-and-pray bulk phishing attacks, easily recognized by their lousy grammar and poor-quality logos, have been replaced by mass quantities of high-quality, highly targeted spear-phishing attacks simulating messages from trusted sources. Bad actors became far more sophisticated at using automation, AI, and behavioral targeting to launch spear-phishing attacks aimed at harvesting our personal and corporate information from the same devices.
Phishing attacks moved faster than defenses, automated across people’s digital footprints. Short-lived phishing URLs gather valuable personal information and move on within 40-45 minutes to evade detection. Attacks generating 20,000+ subpages in 36 hours were too fast for human forensics to stop.
One of the most dangerous aspects of all this is that phishing attempts often come from legitimate infrastructure, such as Google, Adobe, and Microsoft domain names. Cybercriminals used a variety of strategies to evade traditional phishing defenses, including compromised pages hosted on that legitimate infrastructure, which made them difficult to detect.
Targeting Microsoft Users
Even before the sudden shift to a distributed work environment, Microsoft 365 was a popular phishing target. Instead of being limited to email, bad actors launched attacks on OneDrive, Teams, and other Microsoft communication channels.
These malicious users can make their attacks very targeted by using specific information relevant to each channel. So, not only have we detected a dramatic increase in attacks targeting Microsoft users, but the success of these attacks has been unprecedented.
Companies rely on first-generation tools to defend against phishing attacks, whether securing their email gateway, proxies, firewalls, or other endpoints. Even some of the newer security solutions have been…