It is not unknown that computers are insecure. The availability and use of personal computers by the general public began in the late 1970s and with it, emerged virus attacks. These viruses are malicious software programs that replicate themselves on new computers. This was the first generation of cyberattacks. This was the era when the phrase “hacker in his parent’s basement” originated. The advent of internet in 1980s revolutionized the use and working of computers that introduced the second generation of cyberattacks. With businesses, governments, and public connecting to networks, the gates opened for hackers to communicate and spread malicious viruses through the World Wide Web (WWW).
The first cyberattack, The Morris Worm, happened in 1988 that damaged approximately 6,000 computers (almost 10% of the internet at that time). The worm was developed to evaluate the size of the internet but resulted in the damage where the estimated cost of repairing crossed USD 1 Million. It was also the first distributed denial-of-service (DDoS) attack.
Today, the world is facing the fifth generation of cyberattacks with advanced technology and methods used by hackers, recurring millions of dollars from the victims. Rapid developments in IoT (Internet of Things) devices and the way they interact with each other have created a panorama of unprecedented security vulnerabilities. Cybercriminals invest heavily in creating innovative spoofs and are using various technologies to monitor the internet browsing activities of their target users. By 2025, the cybercrime is estimated to cost the world approximately $10 trillion on an annual basis, where the most expensive component is projected to be the information loss which would cross 40% of the costs.
According to internet security statistics, on an average, a cybercrime is committed 2,244 times per day.
In 2019, there was an increase of over 105% in ransomware from phishing emails, whereas, due to the COVID-19 outbreak, there was an increase of 600% in the cybercrimes. Recently, there has been a rapid shift from broad spam attacks to targeted email-based phishing attacks, causing significant financial and operational damages to organisations globally. The FBI registered 241,342 phishing complaints in 2020, with loses amounting to over USD 54 Million. Along with this, the rise in ransomware incidents was also witnessed, with 2,474 cases registered in 2020. Moreover, the average cost of data breaches by phishing, as of 2021, is USD 4.7 Million.
Some of the most notorious cyber-crimes started with just one click on a spear phishing email. Spear phishing is a targeted email-based exploratory tactic that uses a blend of email spoofing, malicious URLs, and downloadable files to obtain sensitive information from the compromised system. From a cybercriminal’s perspective, spear phishing is the ideal agent for a broad array of damaging exploits, which even traditional security defences fail to detect and restrict.
There is no question that one can be too smart to not fall for a spear phishing attack. 97% of the users who receive a sophisticated phishing email, fail to identify it as a threat. While more than 90% of the organisations claim to provide training to employees to spot and avoid phishing attacks, 30% of the phishing messages that are distributed get opened by targeted users and over 10% of those users click on the malicious attachment or link. Only 3% of the targeted users report those malicious emails to the authorities.
The average cost of a single spear phishing attack is around USD 2 million.
Spear Phishing: A Cleverly Planned Process
Imagine someone following you to keep an eye on you and know all your whereabouts, either in a hidden manner or by being your friend. That is the cornerstone of spear phishing. It involves both social engineering and technical trick to deceive victims into opening attached files that have embedded links. Every month, an estimated number of 1.5 million new phishing sites are created, where the target is monitored closely and a personalized message, with malicious files or links, is designed accordingly to lure the target user to take action as mentioned. These messages are sent from engineered trusted sources that increase the rate of action taken. The target user fails to understand the social engineering trick and opens the malicious attachment, and with it, the target system gets exploited. Although intended to smoothly steal data, some criminals install malware into the target system that may revoke the user access or give access to more systems. Remote Access Trojan (RAT) is installed into the target system that is used to gain access to additional systems in the internal network. With steady access into the system(s), data is exfiltrated by the attacker in a stealthy manner.
More than 85% of the successful data breaches in 2020 were pulled off through spear phishing.
Targeted, multi-segment, multi-stage attacks have been extremely effective in penetrating today’s networks. The majority of the attacks happen with the spread of malicious emails. Understanding the state of cyber-attacks and the need for a protective shield is important. With growing incidences of new and innovative cyber-attack tactics, there is an increased demand for efficient security solutions. The cost of cyber security increased by 23% from 2016 to 2017. The global cyber security market is anticipated to record CAGR of 11.21% through 2019-2027. Cyber security companies such as Barracuda Networks Inc., FireEye Inc., Cisco Systems Inc., and others are increasingly updating their security software, especially for cloud deployment to provide cloud assurance, bringing light to cloud security solutions and services, such as cloud endpoint protection and zero trust security that are intended to provide social engineering protection to shield from such attacks. These solutions monitor emails and email gateways to avoid data loss. Spear phishing is one of the most popular cyber-attacks with the highest success rates. According to our research, the global spear phishing protection market is estimated to be valued at USD 2.1 Billion by 2030.
What happens when an unstoppable force meets an immovable object?
They are both implicitly assumed to be indestructible. Such are cyber-attacks and the existence of targets on the web. As long as organizations are working toward innovating and enhancing their security systems to fight against such attacks, the cybercriminals will also continue to innovate ways to penetrate networks and utilize them. To protect and fight such scams, it is important to be wary of unsolicited and unexpected emails, and recognize the basic tactics used in spear phishing emails to identify threats. Being aware, secured and protected reduces the risk of falling victim to such attacks.