IT, healthcare and manufacturing facing most phishing attacks: report

Avanan researchers examined more than 905 million emails and found that their customers in the IT industry saw 9,000 phishing emails in a one month span.
Written by Jonathan Greig, Contributor

A new report from cybersecurity firm Avanan found that their customers in the IT, healthcare and manufacturing industries were facing the highest number of phishing emails. 

The company's researchers examined more than 905 million emails for the 1H 2021 Global Phish Cyber Attack Report, finding that the IT industry specifically saw 9,000 phishing emails in a one month span out of almost 400,000 total emails. Their healthcare industry customers saw more than 6,000 phishing emails in one month out of an average of over 450,000 emails and manufacturing saw a bit less than 6,000 phishing emails out of about 330,000 total emails. 

Avanan researchers said these industries are ripe targets because of the massive amount of personal data they collect and because they are often stocked with outdated technology that can be easily attacked. 

Gil Friedrich, CEO of Avanan, said the report highlighted the perilous situation facing thousands of hospitals around the world. 

"The Avanan research shows that hackers are using one of the most basic tactics to get in ‒- phishing attacks," Friedrich said.

About 5% of all emails are phishing, according to the report, and many hackers are now attempting to target "low-hanging fruit" as opposed to more important C-level executive accounts. 

Most phishing attacks involve either impersonation or credential harvesting, the researchers found. More than half of all phishing attacks involve credential harvesting and that figure has grown by almost 15% since 2019. About 20% of all phishing attacks are related to Business Email Compromise. 

Non-executive accounts are targeted 77% more than other accounts, the report said, and nearly 52% of all impersonation emails are pretending to be from a non-executive account at an enterprise. 

"There are a few reasons behind this. One, security admins might be spending a lot of time providing extra attention to the C-Suite and hackers have adjusted. Two, non-executives still hold sensitive information and have access to financial data. There is no need to go all the way up the food chain," Avanan researchers said. 

Avanan works as a second layer of defense behind Microsoft's EOP, ATP/Defender, Google Workspace and other tools. The report said more than 8% of all phishing emails managed to get past the first layers of defense and into people's inboxes "because of an allow or block list misconfiguration, a 5% increase from last year, and 15.4% of email attacks are on an Allow List."

"The most commonly used tactic is using non-standard characters and limited sender reputation. Non-standard characters are used in 50.6% of phishing links and 84.3% of phishing emails do not have a significant historical reputation with the victim," the report said. 

Avanan researchers also noted the Junk Email folder in many inboxes has become a haven for phishing emails, confusing many users who look through their Junk folders for marketing emails and subscriptions. 

The report said SCL scores of 5,6, and 9 will be sent to a Microsoft user's Junk folder, leaving them alongside more legitimate emails offering deals and other things. 

"You now have monthly subscriptions, newsletters, and targeted phishing attacks in your spam folder, and you have to leave it up to the end-user to decide which ones are safe to open," one unnamed CIO told Avanan researchers. 

The same happens for Google users but Microsoft users see 89% more emails in Junk than Google does, according to the report. 

"An easy way to determine if an email is suspicious is by looking at sender reputation. It's no wonder, then, that 84.3% of all phishing emails do not have a significant historical reputation with the victim. Further, 43.35% of all phishing emails come from domains with very low traffic," the report said. 

Editorial standards