New analysis of threat activity for the first quarter of this year shows anyone with access to corporate email is a now on the front lines of modern cyberattacks of all kinds.

The key to a solid cyber defense is knowing your enemy. It’s one of the reasons I spend so much of the time on this blog talking about industry reports – they provide insight into what threat actors are doing so you can know how to change up your cybersecurity strategy. In security vendor Kroll’s Q1 2022 Threat Landscape report, it appears that the kinds of attacks are shifting around in importance, but phishing attacks are playing a primary role.

According to the report, cybercriminals are changing their attack focus:

  • Ransomware attacks are down 30% from the previous quarter
  • Email Compromise is on the rise by 18%
  • Unauthorized access is down by 22%

It also appears that their initial attack vectors are also changing their stripes:

  • Vulnerabilities are down by two-thirds to just 3% of attacks
  • Zero-day exploits are down by half to 13% of attacks
  • Valid accounts are up 233% to represent 10% of attacks
  • Phishing is now used in 60% of attacks as the initial attack vector, rising 54% from last quarter

Those last two jumps are important – notice how phishing rose dramatically, and yet while vulnerabilities and zero-day attacks declined, valid accounts also rose. Where did those valid accounts (no doubt, purchased from the dark web) come from? In most cases, they, too, were obtained using a phishing campaign intent on harvesting credentials.

So, as you look for the best way to shape your cybersecurity defenses to respond to shifts in attack methods, solutions that protect the user from malicious phishing attacks – as in the case of Security Awareness Training – are not only prudent, but necessary. Until we are all able to stop receiving malicious emails, we’re going to need to learn how to spot them to stop them.