“Human hacking,” better known as social engineering, is surging
Social engineering takes center stage
Kroll Q3 Threat Landscape Report
What’s in this report from Kroll:
Despite cyberattacks continually making headlines, successful “human hacking,” or social engineering attacks, have escalated dramatically over the past quarter. In fact, Kroll’s threat intelligence team saw a 47% increase in business email compromise (BEC) cyberattacks in Q3.
Social engineering attacks like BEC have a huge impact on businesses, with the FBI’s latest Internet Crime Report stating businesses lost more than $2.7 billion due to BEC in 2022 alone. This increased volume of social engineering attacks is matched by a broadening range of approaches, whether that is via phone and SMS, novel email phishing scams or directly via Microsoft Teams using malware.
Key findings:
- Use of social engineering tactics rose dramatically, with significant increases in phishing (8%), valid accounts (9%) and voice phishing (3%).
- The professional services sector was the most targeted in Q3 at 27% of cases, particularly legal firms, fueled by a rise in BEC across all sectors.
- Email compromise is the most common threat type, with activity up 13% since Q2.
“With social engineering or ‘human hacking’ on the rise, it is critical that businesses take proactive steps to ensure that they have adequate defenses in place,” said Keith Wojcieszek, global head of threat intelligence in Kroll’s cyber risk business. “Security training, ensuring detection with URL rewriting via email protection and using creative conditional access control policies are only a shortlist of key recommendations. Sitting and waiting to see whether an attack will be successful is simply not good enough as cybercriminals remain persistent.”