British cybersecurity firm Darktrace has revealed that it identified a staggering 17.8 million phishing emails in the first half of this year. These malicious emails, sent by cybercriminals posing as reputable companies or individuals, aim to steal sensitive information or money from unsuspecting victims. Shockingly, a majority of these phishing emails managed to bypass strict security protocols. According to Darktrace’s report released on August 6th, 26 percent of the phishing emails successfully passed DMARC authentication, a security measure used by businesses to prevent email impersonation. Furthermore, an alarming 56 percent of these fraudulent emails (nearly 10 million) were able to penetrate all existing security layers.
Darktrace also highlighted the increasing trend of targeted and personalized phishing campaigns. In May and June alone, the company detected over half a million attempts to impersonate well-known brands and another 240,000 emails pretending to be VIPs from various organizations. The report suggests that threat actors are now focusing on curating bespoke email campaigns aimed at specific organizations or individuals rather than relying on mass phishing attacks.
Interestingly, spear-phishing attempts accounted for 40 percent of all identified phishing emails during this period. Unlike mass phishing attacks that target numerous recipients in hopes of deceiving a few victims, spear-phishing involves tailored attacks directed at specific individuals or organizations.
In addition to identifying millions of fraudulent emails, Darktrace also discovered over one million multistage payload messages that launch cyberattacks in multiple steps. The firm further detected around 550,000 malicious QR codes designed to direct users towards harmful endpoints where their devices could be infected with malware or their login credentials stolen.
Darktrace emphasized that while new threats continue emerging in the ever-evolving threat landscape, many cyberattacks are still carried out by familiar hacking groups using well-known malware variants and techniques. This indicates that exploitable vulnerabilities persist despite efforts made towards cybersecurity.
The release of Darktrace’s report coincides with alarming statistics from the nonprofit Identity Theft Resource Center (ITRC), which reported nearly five times as many data breach victims in the United States during the first half of this year compared to previous years’ figures. Financial services were hit hardest by data breaches followed by healthcare and professional services sectors.
The FBI also reported significant increases in internet fraud frequency and financial impact last year with over $12.5 billion potential losses reported through its Internet Crime Complaint Center alone.
Phishing schemes were particularly prevalent among reported crimes accounting for approximately one-third (34 percent) of all complaints received by the FBI last year.