Security company Barracuda recently conducted a study into spear-phishing attempts, finding that one third of malicious logins into compromised accounts in 2021 originated in Nigeria. The conclusion was detailed in the company’s latest report, released on Wednesday. To form the report, Barracuda researchers analyzed millions of emails spanning thousands of businesses between January 2021 and December 2021. The researchers observed a significant shift from volumetric to targeted attacks, malware to social engineering, and attacks that begin with a singular phishing email.
According to the report, roughly 51% of social engineering attacks came in the form of phishing. Microsoft was used in 57% of these phishing attacks, making it the most impersonated brand. In addition, approximately 500,000 Microsoft 365 accounts were compromised by threat actors in 2021. In 2021, one in five organizations had an account compromised, however, small enterprises were more than three times more likely to be attacked. Barracuda also observed a large increase in the popularity of conversation hijacking attacks.
