Cybercriminals are increasingly using brand impersonation in their phishing campaigns, targeting well-known names such as Microsoft Outlook, Apple, LinkedIn, Amazon, PayPal, Shein, Prime, and Netflix. In addition, numerous enterprise-focused service names and terms are frequently exploited, including DHL Express, Confluence, SharePoint Online, WordPress, HR Department, Docusign, Accounts Payable, Support, and Admin.
Among the various techniques employed in phishing attacks, malicious links remain the most prevalent, appearing in 58% of deceptive emails. This is followed by malicious attachments, which account for 25%, and voice phishing, which is used in 17% of cases.
Lateral movement: Leveraging privileged access to act in plain sight
After gaining entry to a corporate network, attackers can use stolen credentials to extend their access to additional internal systems. This method significantly lowers the chances of detection and reduces the likelihood of triggering existing malware defenses.
Source
www.csoonline.com