Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Phishing attacks on company computer systems increase in Q1

Reprints
phishing

Phishing attacks deployed for initial access into companies’ computer systems increased by more than half in the first quarter compared with last year’s fourth quarter, says a report issued Tuesday.

Phishing attacks increased by 54% between Q4 2021 and Q1 2022, according to the report by Kroll LLC, an affiliate of Duff & Phelps LLC, in Secaucus, New Jersey, Q1 2022 Threat Landscape: Threat Actors Target Email for Access and Extortion.

“Email compromise and ransomware were the two most common threat incident types, highlighting the integral part played by end users in the intrusion lifecycle,” it said.

The report says widely publicized vulnerabilities such as ProxyShell and Log4J are being used as pivot points for attackers to access and compromise systems through approaches including business email compromise and cryptominers.

The report said in the first quarter, these vulnerabilities were being leveraged by multiple ransomware groups for initial access into systems.

The report said while the proportion of ransomware incidents dropped 20% from the last quarter, “cybercriminals capitalized on other methods to extort victims,” including large-scale data theft.

The report says also that “substantial international law enforcements operations” at year-end 2021 “disrupted many high-profile ransomware groups, “such as REvil, while others, such as BlackMatter, voluntarily announced they were ending operations because of authorities’ pressure.