Cybercriminals are starting to target lower-hanging fruit rather than C-level executives

Avanan announced the release of the company's 1H 2021 Global Phish Cyber Attack Report, which analyzes today’s threat landscape, phishing vectors, and industry-based attacks, exposing healthcare and manufacturing as two of the top industries being targeted by hackers in the first half of the year.

“With hospitals around the world being hit with ransomware attacks and manufacturers experiencing supply chain disruption due to cyber attacks, the Avanan research shows that hackers are using one of the most basic tactics to get in ‒ phishing attacks,” said Gil Friedrich, CEO and Co-Founder of Avanan.

According to Avanan’s security research and analysis, the most attacked industries are IT, healthcare, and manufacturing. IT saw over 9,000 phishing emails in a one month span, out of an average of 376,914 total emails; healthcare saw over 6,000 phishing emails out of an average of 451,792 total emails; and manufacturing saw just under 6,000 phishing emails out of an average of 331,184 total emails.

These industries are the most targeted because they hold incredibly valuable data from health records to social security numbers, combined with the fact that healthcare and manufacturing tend to use outdated tech and often have non-technical board of directors. In healthcare, in particular, the industry is largely unprepared. Though every industry gets attacked, the ones that hold the most data are the most at risk.

For this report, Avanan security researchers analyzed over 905 million emails spanning a six-month period. Since Avanan works as a layer of security behind Microsoft’s EOP, ATP/Defender, Google Workspace, or any SEGs, this analysis only looks at the emails these other layers did not quarantine. The report reflects an analysis of the most sophisticated and evasive attacks in use today.

Key Findings:

Because threats have gotten so advanced, AI is required to stop the majority of attacks missed by legacy solutions. Without the use of sophisticated AI, 51% of attacks would be missed and reach end-users.
Impersonation and credential harvesting attacks remain top phishing vectors. Credential harvesting, 54% of all phishing attacks, has risen by nearly 15% when compared to 2019; 20.7% of all phishing attacks are Business Email Compromise (BEC); and only 2.2% of phishing attacks are extortion.
Hackers are starting to target lower-hanging fruit rather than C-level executives. Now, 51.9% of all impersonation emails attempted to impersonate a non-executive in the organization. In fact, non-executives are targeted 77% more often.
Misconfiguration is playing a rising role in phishing. Over 8% of phishing emails ended up in the user’s inbox simply because of an allow or block list misconfiguration, a 5% increase from last year, and 15.4% of email attacks are on an Allow List.
The most commonly used tactic is using non-standard characters and limited sender reputation. Non-standard characters are used in 50.6% of phishing links and 84.3% of phishing emails do not have a significant historical reputation with the victim.

Avanan anticipates that cyberattacks will continue to explode with healthcare and education being hit hardest, predicting that attacks on the education sector will surge over the next six months with massive increases when school returns in the fall. In addition, Avanan predicts COVID-related phishing emails will decrease, while officeplace related phishing emails will increase. As workers around the globe return to the office, there will be a spike in phishing attacks leveraging services like fax, scanners, copiers, targeting the things used in office life that sat dormant for the last year and a half.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.