Analysis of the second half of 2023 shows attackers are getting more aggressive with email-based phishing attacks in both frequency and execution. Until there’s a catch-all way to stop malicious emails from being an effective means of initial attack, phishing will continue to grow as the primary initial attack vector for cybercriminals.

As social media phishing reaches new heights, new data reviewing 2023 shows a massive effort by cybercriminals to leverage impersonation of social media brands. Cybercriminals are no longer just targeting your corporate network. Due to the rise of the cybercrime economy, there are a growing number of cybercriminal gangs strictly going after initial access (that can be sold to other cybercriminals).

According to IBM X-Force’s latest Threat Intelligence Index, 30% of all cyber incidents in 2023 involved abuse of valid credentials. X-Force’s report stated that abuse of valid credentials exceeded phishing as a top threat for the first time. I love IBM, but they are mixing up root causes and outcomes of root causes. What I mean is that you have to ask yourself how the credentials were stolen in the first place. Were they stolen from the user or a website? Were they guessed at?

New analysis of a phishing campaign shows how cybercriminals use brand impersonation of the platforms they need to compromise accounts and takeover legitimate services. Every day there seems to be a new term for yet another creative attack technique. The latest is phishception (a play on words from the movie Inception) coined by security analysts at cybersecurity company Netcraft.

I have been working in cybersecurity for a long time, since 1987, over 35 years. And, surprisingly to many readers/observers, I often say I have not seen anything new in the hacker/malware space since I began. The same threats that were a problem then are the same problems now. Social engineering and unpatched software (and firmware) have long been the two biggest initial root causes for hacking…for decades.

For the first time, analysis of ransomware payments made in a single year tops $1,000,000,000. This signals a massive return to more frequent, sophisticated, and successful attacks. Each year, blockchain analysis company, Chainalysis, reports on ransomware payments based on the payments made to digital wallets known to belong to cybercriminals and cybercriminal gangs.

Emails are still the most common delivery method for malicious files, according to Check Point’s Cyber Security Report for 2024. “Email-based attacks continue to be the dominant initial infection vector,” the report says.