Search DubaiPRNetwork.com

Dubai and UAE
Home >> Technology

Positive Technologies: government agencies and the defense industry are favorite targets of phishing attacks

Positive Technologies: government agencies and the defense industry are favorite targets of phishing attacks

Tuesday, February 20, 2024/ Editor -  

Share

Home >> Technology

Dubai, UAE: 20/02/2024 - Positive Technologies experts analyzed phishing attacks against organizations in 2022–2023. Most often, in phishing messages, criminals pose as contractors. The phishing-as-a-service model has become common practice. Experts predict an increase in the role of AI in both conducting and preventing phishing attacks. 

The main objectives of phishing attacks are data theft (85%) and financial gain (26%). One of the channels where criminals can sell the stolen sensitive information is the dark web, where the demand for personal data and credentials of companies' employees and clients is traditionally high. Information can also be stolen for the purpose of spying on an organization or country. 


A particular focus of the research is on hacktivists who have become especially active in the midst of the current geopolitical situation. Their main objective is to harm a victim by any means possible, as was the case with the attack on Iran's petrol stations last December, allegedly carried out by an Israeli APT group.

Phishing-as-a-service has become commonplace, a trend our experts forecasted several years ago. Today, phishing-as-a-service is used by professional APT groups, savvy independent attackers, and even newcomers without any special knowledge or skills. Positive Technologies analyzed messaging apps and forums on the dark web where social engineering was mentioned. The analysis showed that the most popular requests and offers were related to ready-made phishing projects, tools for conducting phishing attacks, and the development of phishing web pages.


The majority of phishing attacks are carried out through email (92%), but criminals can adapt to the particularities of the target company and use messaging apps (8%) and SMSs (3%) to deliver their malicious messages. A common attack scenario involves impersonating a company executive or employee through various communication channels. To create a fake profile for sending malicious messages, an attacker only needs to have the name and photo of the target organization's executive or employee. 


'Phishing is mainly evolving through the automation of attacks with the help of AI tools,' says Alexey Lukatsky, Information Security Business Consultant at Positive Technologies. The AI tools are becoming increasingly popular and are used both by cybersecurity experts to counter cyberthreats and by criminals to prepare and execute phishing attacks. Cybercriminals use AI to maintain engaging and relevant dialogues with their targets, generate convincing phishing messages, and create deepfakes of voices, images, and videos.'


More than half of the phishing attacks examined in this study were targeted at a specific organization, industry, or country. Most often, attackers target government agencies (44% of incidents with industry-specific targeting) and military enterprises (19%). Rounding out the top three primary targets of phishing attacks are organizations in the field of science and education (14%). 
According to the research, criminals most often pose as contractors (26% of attacks). 'They send fake reconciliation statements, invoices, contract renewal documents, and other data related to interactions between contractors,' comments Ekaterina Kosolapova, Information Security Analyst at Positive Technologies. This tactic is widespread because it is applicable to almost all organizations and legitimates the presence of links or attachments in the message. In 58% of attacks, such lures were sent without reference to a specific industry. However, this method is used more than any other in targeted attacks on medical, financial, industrial, and telecommunication organizations.' 
To prevent, detect, and respond to phishing attacks, experts suggest that companies educate their employees on cybersecurity and conduct phishing simulations. We also recommend using reputation mechanisms based on security solutions like SWG (Secure Web Gateway), NGFW (Next Generation Firewall), and SASE (Secure Access Service Edge), as well as EDR (Endpoint Detection & Response) solutions and sandboxes for mail traffic and protection against phishing, built into popular browsers or implemented through additional plugins. Basic cyberhygiene on personal computers and mobile devices should not be neglected either, such as regularly updating software and granting minimal privileges to applications

 


Previous in Technology

Next in Technology


Home >> Technology Section

Latest Press Release

Mohammed Bin Rashid Library and Cineolio Organise Film Night on April 19

Hitachi Energy unveils cutting-edge solutions at Middle East Energy 2024

The MEBAA Show 2024 set to unveil latest advancements for business aviation

Diriyah Company Group Ceo Jerry inzerillo appointed united nations Tourism Ambas ...

Henry Jacques launches Collection de l'Atelier

Indulge in the Exquisite Taste of Camel Milk Desserts at Home with Camelicious

Choithrams raises AED 500,000 for Dubai Cares' “Gaza In Our Hearts” Ramadan fund ...

Philip Morris International Demonstrates Clear Progress Toward Its Purpose as It ...

AUS secures top spots in academic and employer reputation in UAE, announces QS W ...

DXB retains its position as the world's busiest international airport for the 10 ...

Goodbye to the Grrr-Eight One: Jeep® Brand Announces 2024 Wrangler Rubicon 392 F ...

Turkish Airlines closes 2023, carrying 83.4 million passengers with a 23.5% incr ...

South Indian Cinema Megastars Rana Daggubati, Rockstar DSP Akul Balaji, Vijay Ra ...

Heritance Aarah Maldives: Your Summer Culinary Getaway

Majid Al Futtaim Shopping Malls appoints Memac Ogilvy as lead creative agency ac ...

Swiss International School Dubai students get seven-star work experience at Burj ...

Victory for Pascal Wehrlein after last Lap Heartbreak for Rowland

Mansour bin Mohammed congratulates Hamdan bin Mohammed on the Qatar-UAE Super Sh ...

Ideal Standard celebrates triple success for new collections at iF Design Awards ...

Mattar Al Tayer congratulates Shabab Al Ahli Club on winning the Qatar-UAE Super ...