Phishing continues to be one of the most favored ways of compromising systems for hacking groups, Abnormal Security has found.
In its latest report, Email Security Threats in Europe: Insights into Attack Trends, the email security provider observed that the volume of phishing attacks targeting organizations in Europe increased by 112.4% between April 2023 and April 2024.
In the US, they rose by 91.5% over the same period.
“Although phishing falls squarely in the bottom third of all attack types tracked by the [FBI] Internet Crime Complaint Center (IC3) in terms of total losses, it’s frequently just the first step in a variety of crimes and is often used more as a way to gain a foothold rather than the end goal,” the report explained.
When successful, a credential phishing attack can grant threat actors access to usernames and passwords that can be leveraged to compromise other accounts and launch additional, more damaging attacks.
Phishing emails can also be a mechanism for deploying malware, which enables cybercriminals to steal or ransom data, disrupt operations, and execute espionage.
Rise in BEC and VEC
Abnormal also found that business email compromise (BEC) is on the rise.
BEC attacks targeting US enterprises rose by 72.2% year over year, while those targeting European businesses experienced a 123.8% increase.
This includes a surge in vendor email compromise (VEC), a subset of BEC that involves the impersonation of vendors to deceive targets into making payments for fake invoices, initiating fraudulent wire transfers, or updating banking details for future transactions.