간편하게 보는 뉴스는 유니콘뉴스
File-Sharing Phishing Attacks Surge 350%, According to New Research From Abnormal Security

· 등록일 Aug. 15, 2024 14:30

· 업데이트일 2024-08-16 00:00:26

SAN FRANCISCO--(Business Wire / Korea Newswire)--Abnormal Security, the leader in AI-native human behavior security, today released its H2 2024 Email Threat Report, revealing the growing threat of file-sharing phishing attacks, whereby threat actors use popular file-hosting or e-signature solutions as a disguise to manipulate their targets into revealing private information or downloading malware.

Sophisticated File-Sharing Phishing Attacks on the Rise

Examining data collected between June 2023 and June 2024, Abnormal saw file-sharing phishing volume more than triple, increasing 350% over the year. The majority of these attacks were sophisticated in nature, with 60% exploiting legitimate domains, most commonly webmail accounts, such as Gmail, iCloud, and Outlook; productivity and collaboration platforms; file storage and sharing platforms like Dropbox; and e-signature solutions like Docusign.

“The trust that people place in these kinds of services—especially those with recognizable brand names—makes them the perfect vehicle for launching phishing attacks,” said Mike Britton, chief information security officer at Abnormal Security. “Very few companies block URLs from these services because they aren’t inherently malicious. And by dispatching phishing emails directly from the services themselves, attackers hide in plain sight, making it harder for their targets to distinguish between legitimate and malicious communications. And when attackers layer in social engineering techniques, identifying these attacks becomes near-impossible.”

Finance and Built Environment Firms are Most Vulnerable

The finance industry was found to be most at risk, with file sharing phishing attacks making up one in ten attacks. As financial institutions rely on file-sharing platforms to securely exchange documents, attackers have ample opportunities to slip in a fraudulent file-sharing notification among the sea of invoices, contracts, investment proposals, and regulatory updates.

The second most vulnerable industry was construction and engineering, followed by real estate and property management companies. These sectors not only rely heavily on frequent document transfers via file-sharing platforms, but also involve time-sensitive projects with large payouts. By exploiting the urgency of these exchanges, attackers have an opportunity to send file-sharing phishing attacks that appear time-critical and blend in seamlessly with legitimate emails.

BEC and VEC Remain Persistent Threats

The biannual report also revealed the continued growth of business email compromise (BEC) and vendor email compromise (VEC) attacks:

· BEC attacks grew by more than 50% over the last year, with attacks on smaller organizations jumping nearly 60% in the last half.
· 41% of Abnormal customers were targeted by VEC each week in the first half of 2024, a slight increase over the 37% targeted in the second half of 2023.
· Construction and engineering firms, as well as retailers and consumer goods manufacturers, were most vulnerable to VEC attacks, with 70% of organizations receiving at least one VEC attack in the first half of the year.

Britton continued, “Cybercriminals are continuing to use email to target human behavior, and through a variety of techniques—whether it’s leveraging social engineering tactics for BEC, or using the guise of legitimate applications in their phishing schemes. The report findings underscore this deliberate shift away from overt payloads and threat signatures, and toward email attacks designed to manipulate behavior. Keeping up with these threats will require organizations to adapt accordingly, recentering their defenses on protecting humans as their most vulnerable endpoints.”

Download the full H2 2024 Email Threat Report, “Bait and Switch: File-Sharing Phishing Attacks Surge 350%”, here.

About Abnormal Security

Abnormal Security is the leading AI-native human behavior security platform, leveraging machine learning to stop sophisticated inbound attacks and detect compromised accounts across email and connected applications. The anomaly detection engine leverages identity and context to understand human behavior and analyze the risk of every cloud email event—detecting and stopping sophisticated, socially-engineered attacks that target the human vulnerability.

You can deploy Abnormal in minutes with an API integration for Microsoft 365 or Google Workspace and experience the full value of the platform instantly. Additional protection is available for Slack, Workday, Salesforce, ServiceNow, Zoom, Amazon Web Services and multiple other cloud applications.

View source version on businesswire.com: https://www.businesswire.com/news/home/20240814650661/en/

Website: https://abnormalsecurity.com/ Contact Abnormal Security
Jade Hill
Director of Communications
[email protected]
This news is a press release provided by Abnormal Security. Korea Newswire follows these editorial guidelines. Abnormal Security News ReleasesSubscribeRSS 앱노멀시큐리티의 새로운 연구에 따르면 파일 공유 피싱 공격이 350% 급증 AI 기반 인간 행동 보안 부문의 선도업체인 앱노멀시큐리티(Abnormal Security) 는 오늘 2024년 하반기 이메일 위협 보고서 를 발표했다. 이 보고서에서는 위협 행위자들이 널리 사용되는 파일 호스팅이나 전자 서명 솔루션으로 위장하여 대상이 개인 정보를 유출하거나 맬웨어를 다운로드하도록 유도하는 파... 8월 15일 14:30 More News Technology Information Security Survey & Analysis Overseas Abnormal Security All News Releases 
배포 분야
인기 기사12.23 12시 기준
광주--(뉴스와이어)--광주청소년삶디자인센터(이하 삶디센터)와 광주전남귀농운동부(이하 귀농운동본부)의 주최로 11월 18일 오후 2시 삶디센터에서 토종벼 탈곡을 체험하고 토종 작물도 살 수 있는 도시농부장터 ‘보자기장’이 열린다. 보자기장에 참여한 시민들이 탈곡...
수원--(뉴스와이어)--경기도장애인복지종합지원센터(이하 누림센터)는 12월 11일 누림센터 대회의실에서 ‘2023년 경기도 장애인을 위한 서비스 프로그램 대상’ 시상식을 성황리에 개최했다. ‘2023년 경기도 장애인을 위한 서비스 프로그램 대상’ 수상자들이 기념사진을...
서울--(뉴스와이어)--세계적인 반려동물 식품 전문기업 네슬레 퓨리나가 기존 제품에서 합성 보존제와 인공색소를 배제한 프리미엄 습식 캣푸드 라인 ‘팬시피스트 화이트라벨’ 리뉴얼 제품을 공개했다. 네슬레 퓨리나, 팬시피스트 화이트라벨...
파주--(뉴스와이어)--변화하는 교육 트렌드에 발맞춰 유아 교육과 생활 전반에서 코딩 및 유아 사고력에 대한 요구가 높아진 가운데 영유아 전문 교육 프로그램 판매사인 킨더네트워크(대표이사 오현권)가 유아를 대상으로 하는 유아 과학 프로그램 ‘놀이언스’를 출시했다. ‘놀이언스’는 유아가 호기심,...
NEW YORK--(Business Wire / Korea Newswire)--There’s room for everyone on ESB’s nice list! The Empire State Building (ESB) announced plans to treat every day like the holidays as it celebrates the 20th anniversary of...
서울--(뉴스와이어)--인터넷신문 제작 전문 다다미디어는 인터넷신문 창간 및 등록, 인터넷신문 운영 전반에 대한 실무 특강을 진행한다고 28일 밝혔다. 인터넷신문 제작 전문 다다미디어는 오는 4월 5일(금)과 4월...
API
fg
유니콘뉴스는 보도자료 배포 서비스입니다.
여기에 뉴스를 등록하면 언론이 보도하고 널리 배포됩니다.