Over 90% of phishing campaigns lead victims to malware

Cybersecurity incidents in 2023 were analyzed in a recent report by Comcast Business. Phishing remains the primary method used by attackers to gain initial access to networks, with over 2.6 billion interactions detected, according to the report. Additionally, over 90% of the phishing interactions that were blocked were designed to direct victims to phishing sites hosting malware. The trend underscores the need for robust anti-phishing technologies, user education, and email gateway platforms to combat this growing threat.

Remote services were the most exploited method for lateral movement, with over 409 million events detected. Employing tools like endpoint detection and response (EDR) and managed detection and response (MDR) can help IT staff identify early-stage threats by monitoring network activity for anomalies in user behavior. 

Attackers exploit several protocols to mask their malicious activities and evade detection. Domain name system (DNS) tunneling remains a popular technique to bypass traditional security measures, with over eight million observed events. Similarly, transmission control protocol (TCP) was used in 104,000 events to provide reliable communication channels, often with encrypted payloads that further obscure malicious activities. The use of Windows Remote Management (WinRM), which saw nearly 78 million events, was also prevalent. These methods underscore the need for sophisticated detection tools to identify and mitigate covert malicious activities.

There were more than 126 million blocked instances of malware or botnets designed specifically for financial theft, underscoring the financial motivations behind many cyber-attacks. DDoS attacks remained a major threat to Comcast Business customers, with 103,000 reported events. This surge emphasizes the need for robust DDoS protection and mitigation strategies.
