- Phishing attacks and fraudulent business email compromise against the pharmaceutical sector have jumped 149 percent in the past year, making the biopharma sector the most targeted industry by hackers.
According to Proofpoint researchers, who analyzed attacks against Fortune 500 companies, pharmaceutical companies were the most targeted by hackers in the last quarter with an average of 71 fraud attacks per business. In fact, there have been 282 attacks on the pharma industry this year.
Drug manufacturers are a prime target given the intellectual property on medicines and new compounds, which could be profitable on dark web markets.
Across all sectors, there were four times as many email-based, credential phishing attacks versus the previous quarter. The researchers explained that “it’s too early to tell if it’s seasonal or reflects a broader shift.”
However, about 67 percent of overall highly targeted malware and phishing attacks were directed at individual contributors and lower-level management, while upper management and executive attacks rose about four points.
Hackers trick employees by spoofing email addresses of contacts or high-profile company executives to trick users into giving up data or even transferring money. While the simple, the attacks have increased due to the hacker’s success.
The report “underscores that cybercriminals continue to primarily target people, and not infrastructure, with their attacks.”
“Attackers overhauled 99 percent of their most targeted individuals over the past quarter, which clearly shows cybercriminals are augmenting their approach at an unbelievable rate to lure unsuspecting employees to click,” Ryan Kalember, Senior Vice President of Cybersecurity Strategy for Proofpoint, said in a statement.
In fact, Kalember explained that “employees who might traditionally be considered a VIP aren’t necessarily the top users targeted by cybercriminals.” And the most exposed departments? Operations and production function, with about 23 percent of highly targeted attacks.
Also notable: Ransomware attacks significantly dropped. However, banking trojans, downloader, credential stealer and remote-access trojan attacks rose to 94 percent “as a share of all malware attacks.”
The researchers also found that email fraud attacks rose to about 36 per targeted organization, which is up 60 percent from the same quarter last year. And most companies were targeted at least once.
“All security teams need visibility into their very attacked people and access to the necessary resources to protect them, while educating all employees to identify and properly report cyberthreats,” said Kalember.