UPDATED 09:00 EST / OCTOBER 17 2023

SECURITY

Phishing attacks hit record high in third quarter, with malware not far behind

A new report from threat detection and response startup Vade Secure SASU finds a substantial increase in phishing and malware attacks in the third quarter, so large that the level of attacks is some of the highest ever recorded for any quarter.

The Vade Q3 Phishing and Malware Report found that there was a 173% increase in phishing attacks over the previous quarter — 493.2 million versus 180.4 million. It also finds a 110% increase in malware attacks, coming in at 125.7 million emails compared with 60 million in the second quarter.

The malware number nearly set a record, trailing only the fourth quarter of 2016’s mark of 126.8 million, while the phishing number was the highest ever recorded by Vade since it began tracking both categories in 2015.

August was the most active month in the quarter for phishers, with 207.3 million phishing emails detected, nearly double the number in July. The number went down slightly in September but was still a high 172.6 million emails. September was the popular month for malware threats, with Vade detecting 45.6 million attempts.

Not surprisingly, the most impersonated brands in the quarter were found to be Microsoft Corp. and Facebook. The report notes that Microsoft and Facebook have been either the top or second most impersonated brands since 2020.

Across industries, most industries saw a significant increase in phishing attacks, with cloud, social media and financial services seeing increases of 127%, 125% and 121%, respectively. Government experienced the greatest increase of 292%, while e-commerce and logistics also grew by 62%. Only the internet and telecommunications sectors experienced a decline, by 29%.

The report also highlights certain targeted companies and services. Bank of America ended the third quarter with 3,133 phishing URLs, a whopping 873% increase over the previous quarter and the largest jump of any brand over the period. Bank of America was the most impersonated financial services company and the third most spoofed brand, increasing from 22nd position in the previous quarter.

Microsoft maintained its title as the most impersonated corporate brand, with Microsoft 365 being not only one of the most popular business tools in the world but also a key target for hackers.

The report concludes by noting that email remains the top vector for phishing and malware attacks before and after the initial compromise. Protecting against these threats requires a combination of sophisticated solutions and human insights. 

The report recommends that to protect organizations, companies should look to adopt an integrated security solution that layers protection onto the native security features of Microsoft 365 and Google Workspace. It’s also advised that companies should implement automated phishing awareness training to make users proficient at identifying and reporting threats.

Image: Vade Secure

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU