Microsoft has retained its position as the most spoofed brand by cybercriminals for the second year in a row, according to a new report by CyberShield, a cybersecurity firm. The report reveals that Microsoft was impersonated in nearly 25% of all phishing attacks globally in 2022, up from 19% in 2021.
Phishing is a type of cybercrime that involves sending fraudulent emails or messages that appear to come from legitimate sources, such as well-known companies or institutions, in order to trick recipients into revealing sensitive information, such as passwords, credit card details, or personal data.
The report attributes Microsoft's popularity among cybercriminals to the increased adoption of remote working and online collaboration tools due to the COVID-19 pandemic. Many employees use Microsoft's products and services, such as Office 365, Outlook, Teams, and OneDrive, to communicate and work online. This makes them more vulnerable to phishing attempts that ask them to reset their credentials, update their software, or access their files.
CyberShield's report also shows that other technology giants, such as Google, Yahoo, Facebook, and Outlook, were among the top five most spoofed brands in 2022. These brands have a large user base and offer a variety of online services that can be exploited by cybercriminals.
How Attacks Vary by Region
The report also highlights the regional differences in data breaches and phishing attacks. The Asia-Pacific region accounted for the largest number of data breaches in 2022, with Japan being the most targeted country. Europe was the second most affected region, with the United Kingdom suffering the most breaches. The Middle East saw a significant decline in data breaches compared to the previous year.
The report emphasizes the need for individuals and organizations to be vigilant and proactive in protecting themselves from online threats. It recommends verifying the authenticity of requests for personal information, avoiding clicking on suspicious links or downloading attachments from unknown sources, and maintaining strong and unique passwords for different accounts.
CyberShield is a cybersecurity firm that provides solutions and services to help individuals and organisations prevent, detect, and respond to cyberattacks. The report is based on data collected from CyberShield's global network of sensors and partners.
Microsoft is a Hot Target for Cybercriminals
Microsoft's popularity and ubiquity across enterprise makes it a frequent target for cybercriminals. Despite the robust security measures the company has in place, it is always a cat and mouse game with threat actors.
Back in 2019, Cisco published a report that showed Microsoft Office takes more phishing attacks than any other service. Kaspersky Lab has also said Office 365 is the main target of phishing campaigns. The security firm says 70 percent of all attacks are targeted at Office. In 2020, Check Point reported that Microsoft products faced more phishing attacks during the third quarter of the year than any other company.
In August last year, Kaspersky once again named Office 365 as the most frequent target of attacks. In Q2 2022, the number of exploits for vulnerabilities in the Microsoft Office suite increased, accounting for 82% of the total number of exploits across different platforms and software, such as Adobe Flash, Android, Java etc.