Phishing remains one of the most common and effective forms of cyber-attack. This vector exploded since the start of the COVID-19 pandemic, fuelled by increased reliance on digital communications and numerous emotive events that served as effective lures. In February 2022, Proofpoint research found that more than nine in 10 (91%) UK organizations were successfully compromised by an email phishing attack in 2021, underlining its ongoing potency.
Such compromises can pose major problems for organizations. “When phishing is used to steal login credentials, it opens up a world of possibilities for the cyber-criminals and a world of hurt for the impacted individual or business,” explained David Richardson, VP of product management at Lookout. “With one set of credentials, bad actors can then try to log in to a number of common cloud-based services such as Microsoft365, Google Workspace, AWS, Salesforce, etc. Once they’ve successfully logged in to one of these accounts, they can move laterally within an organization and find highly sensitive and valuable information to either encrypt for ransom or exfiltrate to sell on the dark web.”