Phishing Attacks in Different Industries: A Comprehensive Overview
By Cian Fitzpatrick | 5th August 2024
Phishing attacks have become a widespread cybersecurity threat, affecting organisations across all industries. These attacks involve tricking individuals into revealing sensitive information, often through deceptive emails or websites.
The Statista chart accompanying this article shows that the first quarter of 2024 was awash with phishing attacks.
In this article, you will learn:
Phishing is a type of cyber attack where attackers impersonate legitimate entities to deceive individuals into divulging sensitive information, such as login credentials, financial details or personal information. All of this is gold dust.
This is typically done through emails, phone calls, or fake websites designed to look like trustworthy sources.
There are several variations of phishing attacks:
Phishing tactics can range from generic mass emails to highly sophisticated attacks that use personal information to convince targets of their authenticity. These attacks often lead to severe consequences, including financial loss, data breaches, and damage to an organisation’s reputation.
Financial institutions are prime targets for cybercriminals due to the high value of the data they manage and the increasing opportunities created by digital transformations. Major breaches in this sector, like the Flagstar Bank breach in 2022 (more details below), have exposed millions of sensitive records, including Social Security numbers and financial details. Such incidents highlight the need for robust cybersecurity measures, including regular software updates and strong data protection protocols.
The frequency and impact of these breaches emphasise the critical need for financial services to learn from past incidents. By analysing key mistakes, such as the failure to patch known vulnerabilities or insufficient network segmentation, companies can better protect themselves against future attacks. It’s crucial for organisations to implement comprehensive security strategies, including advanced threat detection, vendor risk management, and thorough employee training, to mitigate the risk of data breaches.
Example: The Industrial and Commercial Bank of China
In November 2023, the Industrial and Commercial Bank of China (ICBC), the world’s largest bank by revenue, experienced a significant ransomware attack. The attack targeted the bank’s U.S. financial services arm, disrupting critical systems and preventing the settlement of U.S. Treasury trades and other financial transactions. ICBC promptly isolated the affected systems to contain the breach and initiated recovery efforts with the help of cybersecurity experts. The incident underscores the vulnerability of even the most robust financial institutions to cyber threats.
The ransomware attack was attributed to the LockBit group, known for its sophisticated and destructive ransomware campaigns. This breach at ICBC, a cornerstone of China’s financial infrastructure, highlights the increasing boldness and reach of cybercriminal organisations. The disruption caused by the attack also demonstrates the potential for significant economic impact, as financial institutions play a critical role in global markets. The incident serves as a stark reminder of the need for heightened cybersecurity measures and continuous vigilance within the financial sector.
The healthcare industry faces unique challenges in defending against phishing attacks due to the sensitive nature of patient data and the critical systems involved in healthcare delivery. Attackers target this sector not only for financial gain but also to access personal health information, which can be used for identity theft or sold on the black market.
Example: HCA Healthcare
In July 2023, HCA Healthcare, a Tennessee-based hospital and clinic operator, suffered a breach in which threat actors accessed and exfiltrated data from an external storage location used to format emails and calendar reminders sent to patients.
Data such as names, email addresses, birth dates, and other personally identifiable information (PII) for more than 11 million patients across 20 states was taken. Multiple class action lawsuits were filed after the breach became public, with “plaintiffs alleging that HCA ‘did not use reasonable security procedures and practices appropriate to the nature of the sensitive information it was maintaining’ for its patients and customers, such as encrypting the data or deleting it when it’s no longer needed.”
Type of Attack: Third-party storage breach
Location: Nashville, Tennessee, with nationwide impact
People affected: 11 million patients
Educational institutions are increasingly becoming targets for phishing attacks due to the vast amounts of personal data they hold, including student records, financial information, and research data. These attacks often exploit the diverse and decentralised nature of educational environments, where security practices may vary widely.
Example: University of Manchester
In June 2023, a ransomware attack on the University of Manchester resulted in the exfiltration of PII for staff, alumni, and students, plus a 250GB data set that contained the health records of 1.1 million NHS patients. It appears the breach was the result of a VPN exploit, as the university removed access to its GlobalProtect VPN shortly after the incident occurred. The university held health records, including patient data of major trauma patients and terror attack victims, for research purposes.
Amazon’s one click set off the ecommerce revolution, and it shows no signs of slowing down.
But alongside online shopping picking up pace, cyber criminals are cashing in big time. The retail and e-commerce sector is a frequent target for phishing attacks due to its handling of large volumes of sensitive customer information, including credit card numbers and personal details. Attackers often seek to exploit this data for financial gain or to carry out further fraudulent activities.
Example: JD Sports
In January of 2023, threat actors made off with the personal information of 10 million customers of fashion retailer JD Sports. Cybercriminals gained access to a database of purchases made between 2018 and 2020 and made off with the “full name, delivery and billing address(es), email address, phone number, final 4 digits of payment card and/or order details,” according to an email sent by JD Sports Group.
The breach raised serious questions about JD Sports’ data management policies, as this database contained millions of records from transactions going back as much as four years.
Government agencies and public service organisations are increasingly targeted by phishing attacks due to the sensitive information they handle and the potential impact of disrupting critical services. These attacks often aim to steal confidential data, disrupt operations, or even influence political outcomes.
The SolarWinds supply chain attack is a case in point of an advanced cyber operation targeting governmental bodies. During this incident, cybercriminals infiltrated SolarWinds’ Orion software, a popular IT management tool, and embedded malicious code into its updates.
This backdoor approach, known as a trojan, allowed attackers to access sensitive networks across various sectors, including federal agencies and major enterprises. The breach underscored the critical vulnerabilities present in supply chains, highlighting the need for robust cybersecurity measures to protect against such sophisticated threats.
This incident underscores the critical need for robust cybersecurity measures within government and public sector organisations. These entities are encouraged to use secure communication channels, implement stringent access controls, and educate staff on recognising and responding to phishing attempts.
Phishing attacks are a pervasive threat across various industries, but organisations can take several steps to protect themselves and their stakeholders. Here are some best practices to prevent phishing attacks:
These best practices are essential for minimising the risk of phishing attacks and protecting sensitive information. By implementing these measures, organisations can significantly reduce their exposure to phishing threats. Each sector faces unique challenges and risks, making it crucial for organisations to implement robust security measures. But no matter what industry you’re in, staying informed and proactive is key to maintaining a secure digital environment.