Anatomy of cybersecurity incidents: phishing is the most common attack and the banking sector is the main victim

The Cybersecurity Observatory and the CNCS have published their third bulletin of the year, a tally of the incidents recorded by CERT.PT during the first half of 2020. Incidents recorded in the second quarter rose 34% over the first quarter, from 295 to 394 cases. Compared with the same quarter of 2019, when 176 incidents were recorded, this is an increase of 124%.

The document states that during the second quarter there were 160 cases of phishing, the most frequent incident type, followed by malware with 68 cases and unauthorized access with 41. The main target was the banking sector, which accounted for 37% of the attacks recorded in the quarter.

According to the graph of recorded incidents, attacks rose through March and peaked in April, coinciding with the COVID-19 lockdown. The rush to adapt to remote working left companies more exposed to cyber attacks. From April to June the number of attacks declined. The report shows that, compared with the first half of 2019, the first half of 2020 registered a 101% increase in the number of incidents.


Anatomy of attacks

The CNCS reports that, despite the rise in phishing, 99% of the cases neither mention nor are directly associated with the pandemic. Social engineering draws on the six principles of persuasion described by Robert Cialdini: Authority, Scarcity, Reciprocity, Consistency, Liking (affinity) and Social Proof. The one attackers use most is authority, in about 90% of cases, relying on presenting a credible image of the sender, as is typical of banking phishing.

Scarcity comes second, in 8% of cases, where an offer is presented as a limited opportunity, typically in the sale of products and services. Reciprocity is third, with 1% of cases, where a return favour or benefit is solicited, mainly in lures that promote social interaction. The remaining three principles did not appear in the phishing incidents covered by the report.

As for the actions the analyzed phishing messages prompt, 79% push the user to log in to an account; 12% request data about a product or service; 7% promise financial gain; and 3% ask the user to complete a document. Only 3% of the attacks are spear phishing, and 94% ask the user to click on a web address.
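The bulletin's breakdown (persuasion principle, requested action, presence of a link to click) is also a practical triage scheme for a mail security team. The script below, an added example and not code from the CNCS, CERT.PT or the bulletin, applies those categories to constructed sample lures with keyword heuristics. The keyword lists and the four sample messages are assumptions made for illustration; a real deployment would tune them against the organization's own reported phishing.

```python
"""Heuristic triage of phishing lures by Cialdini principle and requested
action, using the categories of the CNCS bulletin. Added example; the
keyword lists and sample lures are illustrative assumptions, not CNCS data."""
import re
from collections import Counter

# Constructed sample lures (not incidents from the bulletin).
SAMPLES = [
    "Your account has been restricted. Sign in at http://secure-login.example "
    "to verify your identity. - The Security Team, MyBank",
    "Summer offer: only 20 units left! Order today at http://deals.example/tv "
    "and tell us your delivery details.",
    "As a thank you for your loyalty we are sending you a gift card. "
    "Claim your reward at http://gifts.example",
    "Please complete the attached form and return it to HR by Friday.",
]

# Persuasion principles observed in the bulletin (authority, scarcity,
# reciprocity). Keyword choices are assumptions.
PRINCIPLE_PATTERNS = {
    "authority": [r"\b(bank|security team|it department|customs|tax office|police)\b"],
    "scarcity": [r"\bonly \d+ (units|left|hours)\b", r"\b(last chance|expires?|today only)\b"],
    "reciprocity": [r"\b(thank you for your loyalty|in return|gift|reward)\b"],
}

# Requested actions, in priority order (the first matching one is reported).
ACTION_PATTERNS = {
    "login": [r"\b(sign in|log ?in|verify your (identity|account)|confirm your (password|credentials))\b"],
    "product_data": [r"\b(delivery details|order|product|subscription)\b"],
    "financial_gain": [r"\b(gift card|prize|refund|claim your reward|you have won)\b"],
    "document": [r"\b(attached form|complete the (attached )?(form|document))\b"],
}

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def _compile(table):
    return {name: [re.compile(p, re.IGNORECASE) for p in pats]
            for name, pats in table.items()}


PRINCIPLE_RX = _compile(PRINCIPLE_PATTERNS)
ACTION_RX = _compile(ACTION_PATTERNS)


def _matches(table, text):
    """Names of categories whose patterns match anywhere in the text."""
    return [name for name, rxs in table.items() if any(rx.search(text) for rx in rxs)]


def triage(text):
    """Label one lure: principles used, primary requested action, link present."""
    actions = _matches(ACTION_RX, text)
    return {
        "principles": _matches(PRINCIPLE_RX, text),
        "action": actions[0] if actions else "unknown",
        "has_link": bool(URL_RE.search(text)),
    }


def summarize(texts):
    """Aggregate counts in the shape of the bulletin's statistics."""
    principles, actions, with_link = Counter(), Counter(), 0
    for t in texts:
        r = triage(t)
        principles[r["principles"][0] if r["principles"] else "unknown"] += 1
        actions[r["action"]] += 1
        with_link += r["has_link"]
    return {"principles": dict(principles), "actions": dict(actions),
            "with_link": with_link, "total": len(texts)}


if __name__ == "__main__":
    for s in SAMPLES:
        print(triage(s))
    print(summarize(SAMPLES))
```

The heuristics are deliberately coarse: a lure can combine principles (a bank impersonation with a 24-hour deadline matches both authority and scarcity), so the principle list is kept whole and only the action is collapsed to a single primary label.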

As for the target audience, the majority of attacks are aimed at customers (90%), 7% at employees, and the remaining 3% at the general public.