Automation to Drive Tidal Wave of Spear Phishing Campaigns in 2021, Researchers Predict

  • Email remains the biggest threat to corporate infrastructures
  • Cyber-criminals are creating tools that automate the manual aspects of phishing attacks – especially spear phishing campaigns
  • By combining automation with programs that scan data from social media networks and company websites, phishers can send detailed, believable spear phishing emails, with content customized to each victim

Phishing, one of the most convenient and lucrative attack vectors, remains a primary threat faced by organizations big and small as we move into 2021. Businesses that don’t take email-borne threats seriously are likely – now more than ever – to suffer a breach, security researchers warn.

Preying on fears stoked by the COVID-19 pandemic and political strife, cybercriminals are gearing up to deploy a “tidal wave” of automated attacks, according to one of WatchGuard’s key cybersecurity predictions for next year.

The list covers a wide range of projections describing an expanding threat landscape, including IoT threats, legacy Windows installments that are still in heavy usage (with no more security support from Microsoft), and a spike in attacks leveraging Remote Desktop Protocol instances and Virtual Private Networks. However, email remains the biggest threat to corporate infrastructures, the report warns. And the danger is exacerbated as cyber-criminals start to create tools that automate the manual aspects of phishing attacks – especially spear phishing campaigns.

“By combining such tools with programs that scan data from social media networks and company websites, phishers can send thousands of detailed, believable spear phishing emails, with content customized to each victim,” the report predicts.

“This will dramatically increase the volume of spear phishing emails attackers can send at once, which will improve their success rate … What’s more, bad actors know that anxiety and uncertainty make victims easier to exploit. As society continues to grapple with the impact of COVID-19, global political strife, and general financial insecurity in 2021, we anticipate that many of these automated spear phishing attacks will prey on fears around the pandemic, politics, and the economy,” the report warns.

According to the authors, these automated, volumetric spear phishing campaigns will likely be less sophisticated and easier to spot than the traditional, manually generated variety. However, this prediction may not hold water if cybercriminals put more effort into their phishing campaigns – which they do, progressively, each year.

Bitdefender strongly believes organizations must prioritize workforce behavior in relation to data and machines as a pillar of next-generation IT strategies. Security solutions that embody human risk analytics enable IT administrators to act with surgical precision, tweak the right security controls when and where needed, and train staff who have a poor grasp of IT security. As work-from-anywhere becomes the norm, organizations must integrate endpoint protection, risk management, and user behavior analytics for a more holistic approach to cybersecurity. Learn more at https://www.bitdefender.com/business.