Request a Demo of Tessian Today.

Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

Jan 31 Live Webinar | How to Keep Socially Engineered Attacks From Sneaking Into Email | Save Your Seat →

Threat Intel

2022 Tessian Threat Intel Roundup: Social Engineering Threats Are Here to Stay

by John Filitz Thursday, December 8th, 2022

Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises.

As we close out the year, one thing is certain: Social engineering attacks will remain a mainstay for threat actors. The ease with which threat actors are able to exploit human vulnerabilities will find even the most secure organizations wanting. This is why according to Tessian’s inaugural State of Email Security Report (2022), impersonation attacks are the number 1 concern for organizations globally. Only by adopting a defense-in-depth strategy will organizations be able to reduce the risk of falling victim to social engineering-based attacks. 

 

In this final newsletter for the year we take a look at some of the dominant themes we’ve covered in 2022.

 

Sign-up for our Threat Intel update to get this monthly update straight to your inbox. 

 

Top Threat Intel Themes Covered in 2022

1. Phishing-as-a-Service Goes Mainstream

  • Phishing remains a persistent threat and security challenge
  • Phishing-as-a-Service offerings continue to evolve and proliferate on the dark web, reducing barriers to entry and effectively creating whole new armies of threat actors.
  • Threat actors continue having significant success using phishing and business email compromise campaigns (BEC) to compromise organizations. 
  • This helps explain why social engineering attacks in the form of phishing and BEC are the top two costliest forms of a breach, topping out at $4.91 and $4.89 million, respectively. 

 

2. Impersonation campaigns continue evolving

  • Earlier in the year we started tracking an increase in 3rd party impersonation campaigns that were leveraging PayPal to carry out invoice fraud. 
  • Other impersonation campaigns that came across the wire included threat actors targeting the legal sector – a sector that is disproportionately targeted by social engineering attacks.
  • We’ve also found that obfuscation is the name of the game for malicious payload delivery.
  • The continued persistence of brand impersonation campaigns is also cause for concern. In fact, the FTC reported a sharp increase in impersonation fraud, with losses totaling $2 billion in the period October 2020 to September 2021. 
  • We expect these trends to continue, evidenced by record breaking phishing activity in 2022, for the first time surpassing 1 million phishing attacks reported in a quarter

 

3. The Unrelenting Scourge of Ransomware 

  • One of the recurring themes we have been tracking is the nexus between ransomware and spear phishing attacks. 
  • Ransomware has proven to be a persistent security challenge with the rise of Ransomware-as-a-Service (RaaS) offerings.
  • The increase in ransomware related damages – seeing a 57x increase from 2015 – is one of the main reasons driving up cyber insurance premiums, seeing increases of over 100% in the past 18 months.
  • We expect nation-state and non-aligned threat actors to continue relying on ransomware and related extortion tactics, with email a key threat vector for payload delivery.

 

4. The rise, and rise, of credential compromises

  • Another trend we have been closely following is the increasing prevalence of credential related compromises. One such noteworthy adversary-in-the-middle (AiTM) compromise saw 10,000 organizations that use Microsoft targeted.  
  • Several large organizations have suffered credential related compromises, shining a spotlight on the fallibility of identity and access management (IAM) solutions in relation to the threat that social engineering poses.
  • Credential compromise social engineering campaigns that target organizations using  Microsoft 365 and Google Workspace collaboration software, will remain a core focus area for threat actors going forward.

 

5. Event opportunism

  • As so often is the case, cyber criminals, the opportunists that they are, will attempt to exploit international and national events, including acts of war, pandemics and festive events.
  • This reality was on full display at the start of the Russian invasion of Ukraine. We noted that over 70% of newly registered Ukraine themed domains were likely to be malicious.
  • We expected a ramp-up of Russian cyber campaign activity in the wake of the Russian invasion of Ukraine, however this has failed to materialize. 
  • Effective public-private partnerships as demonstrated by Microsoft and others are part of the reason for the unprecedented level of cyber resilience by Ukraine and allied countries. 

 

Concluding Thoughts & Recommended Actions

 

Only by adopting a multi-pronged, defense-in-depth security strategy will the risk of social-engineering-related breaches be reduced. Utilizing best-in-breed cybersecurity solutions that have behavioral intelligence-based defensive capabilities, and that reinforce security culture strengthening like Tessian, is increasingly essential to address an ever-evolving social engineering threatscape. 

 

Until next year, stay safe and stay secure.

To see how Tessian prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo.

 

For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn

John Filitz Sr. Product Marketing Manager & Research Lead