80 to 95% of cyberattacks start with phishing, according to a new report on cybersecurity threats conducted by Comcast Business. The report analyzed data from 23.5 billion cyberattacks in 2022.
The majority of breaches now originate with the users of internal and external resources, a shift from when cyberattacks began with an exploit of a vulnerability in public-facing network resources. Current research shows that approximately 67% of all breaches start with someone being duped into clicking a seemingly safe link.
Among the cybercrime complaints received by the FBI in 2022, phishing, personal data breach, and non-payment/non-delivery are the top incidents reported, with phishing ranked number one. The rise in remote working has contributed to phishing via email links. Nearly 1.2% of all emails sent are malicious, which in numbers translated to 3.4 billion phishing emails daily.
According to the Comcast Business report, attackers do their homework to uncover vulnerabilities, like open ports and misconfigured systems, as evidenced by the 242 million reconnaissance scans of customer networks and assets. The top reconnaissance tools employed by adversaries include vulnerability scanners, botnets and phishing. Once inside a network, cybercriminals made 2.6 million attempts to modify or create new firewall rules to establish external communications for command-and-control operations and data exfiltration.
Adversaries used various methods, including remote desktop, theft and brute force attacks to steal credentials and gain unauthorized access to customer networks. Customer logs documented over 54 million attempts to exploit credentials for initial access.
The report shows that social engineering, which invokes urgency, fear or other similar emotions in the victim, to trick users into clicking malicious links is still a leading cybercrime tactic.
The most targeted industry segments, according to the report are .IT and technical service (25% of attempts)