Quarterly update streamlines cyber insights for executives

May 20, 2024
Q2 2024: Phishing and Ransomware Insights for the C-Suite

Executives are short on time, juggling countless responsibilities, and expected to have solutions. They want to understand cyber risks that may impact their businesses, but often can’t slog through an expansive annual cybersecurity report. Fortunately, the CXO REvolutionaries Quarterly Cyber Update covers today’s relevant cybersecurity topics in a few short pages. It’s packed with information and graphics that quickly convey the data leaders need to make informed decisions.   

The inaugural report focuses on phishing and ransomware insights. Its findings combine research insights produced by the Zscaler ThreatLabz team with executive-level observations and commentary from CXO REvolutionaries. Threat data is drawn from the Zscaler Zero Trust Exchange, a global security platform that processes over 500 trillion telemetry signals a day. This considerable cybersecurity data lake puts Zscaler in a strong position to observe threat and technology trends worldwide.

Phishing

Executives should be aware of three current trends in phishing campaigns:

  • Adversaries are increasingly imitating well-known brands to deceive their targets
  • Threat actors are gaming the reputation scores of referring domains to hide phishing traffic
  • Active phishing campaigns are targeting jobseekers and imitating businesses in the tech sector

It is common for phishing assets to imitate well-known brands. Recipients are more likely to trust and respond to an unexpected request that appears to come from a large company than one from an unknown sender. Who are current phishing campaigns imitating the most?

Figure 1: Top brands imitated by phishing content in the past year

Phishing content most often imitated Microsoft at 43.1% of total traffic, with Microsoft OneDrive accounting for another 11.6%. Okta placed a distant third with 6.3% of phishing traffic imitating their brand. Over a quarter of the phishing traffic imitated numerous lesser-known brands, with each company comprising less than 2% of total traffic. Phishing emails can imitate any brand, but current campaigns clearly favor imitating Microsoft and their resources. 

Ransomware

Ransomware remains an active concern for companies, particularly in the wake of several recent high-profile attacks. Our key findings on current ransomware campaigns include:

  • Double-extortion ransomware attacks are on the upswing, more than tripling across multiple industries year-over-year
  • Threat actors increasingly are turning to novel ransomware techniques, such as new cryptography methods, buying Ransomware-as-a-Service (RaaS) offerings, and stealing unencrypted data
  • The US, Canada, and Germany are the top nations targeted by ransomware attacks
  • Manufacturing, service, and construction are the sectors most often targeted by ransomware groups

While ransomware groups are a threat to all economic sectors, our data shows they have a strong preference for attacking manufacturing organizations. Manufacturers were the targets of 19.5% of total observed ransomware attempts while service organizations placed a distant second with 9.7%.  

Figure 2: Top five sectors targeted by ransomware groups, and their percentage of total attacks

Manufacturers’ involvement in critical infrastructure and their high-value intellectual property may be factors driving interest from threat actors. This sector also saw a 550% increase in double-extortion attacks, where adversaries steal an organization’s data before encrypting local copies. This technique gives cybercriminals two ways to leverage data for ransom. First, the attackers can demand ransom for the data decryption key. If this fails, they blackmail the company by threatening to release its data publicly if ransom is not paid.

More insights, fewer pages

The CXO REvolutionaries Quarterly Cyber Update is a quick read for technical and non-technical executives seeking current cybersecurity insights. Annual cybersecurity reports offer detailed (if somewhat dated) information to technical leaders who have time to read pages upon pages of industry-specific text. Our quarterly cyber update serves the needs of any executive who wants timely and actionable data in a brief format. The full Phishing and Ransomware Insights for the C-Suite report (weighing in at a slim 14 pages) can be downloaded here.

 
