Phishing Attacks Increased In Microsoft 365, Says FireEye
Washington: As cyber attackers are gaining ground in Cloud, Microsoft continues to be the most popular brand used in phishing scams, a FireEye report has said.
The US cybersecurity firm FireEye saw Microsoft Office 365-themed phishing attacks increase by 12 per cent over the quarter.
“Microsoft continues to be the most popular brand utilised in phishing attacks, with 68 per cent of all phishing detections,” said Michael Hulton, Vice President and GM of Email Security, FireEye.
A typical phishing email impersonates a well-known contact or trusted company to induce the recipient to click on an embedded link, with the ultimate goal of credential or credit card harvesting.
Attackers are constantly adapting their tactics to get past email security defences.
“Bad actors are following where the money goes, with an arsenal of tools at their disposal. That’s why as companies migrate to the cloud, we see more attackers exploiting cloud services to perpetrate their attacks,” the report added.
At the FireEye’s “Cyber Defence Summita here, the company on Wednesday released its latest email threat update after analyzing more than two billion emails.
“Some of the most common tactics include hosting Microsoft-themed phishing pages with Microsoft Azure, nesting embedded phish URLs in documents hosted on popular file sharing services, as well as establishing phishing URL redirects on popular email delivery platforms,” the report elaborated.
When it comes to verticals which are facing cyberattacks, entertainment, media and hospitality has taken the top position from financial services, which dropped to number two.
Other highly-targeted verticals for email-based attacks include manufacturing, service providers, telecom, state and local governments, services, consulting and insurance.