A joint five-month study conducted by Google with Stanford University researchers analyzed over 1.2 billion email-based phishing and malware attacks against Gmail users to determine what factors influence the risk of attack.
Experts discovered that malicious campaigns are typically short-lived and indiscriminately target users worldwide.
“However, by modeling the distribution of targeted users, we find that a person’s demographics, location, email usage patterns, and security posture all significantly influence the likelihood of attack,” reads the study published by Google. “During our measurement window, we find that attackers targeted, on average, 17.0 million users every week with hundreds of thousands of campaigns that last a median of just one day. These attacks follow a skewed distribution: 10% of phishing campaigns accounted for 76% of phishing attacks, and 10% of malware campaigns accounted for 61% of malicious attachments. Attackers broadly targeted users around the globe as part of their campaigns, with the majority of targets residing in North America and Europe. While 90% of attacks occurred in English, we show evidence that some attackers localize their efforts.”
According to the study, 42% of all targets were from the US, followed by the UK (10% of all attacks) and Japan (5% of attacks).
Both phishing and malware attacks are bursty: experts observed the volume of attacks increasing by 500% at times from week to week. At its peak, the researchers observed 117 million phishing emails targeting 41 million distinct users during the week of May 11, 2020.
“Over the course of our measurement period, we observed a total of 406,002 distinct phishing campaigns and 1,724,160 malware campaigns. Both classes of attacks exhibit a highly skewed distribution. The top 10% of phishing campaigns account for 76% of phishing emails, while the top 10% of malware campaigns account for 61% of emails with malicious attachments,” continues the report.
According to the experts, 89% of malware campaigns last just one day, while the median phishing campaign lasts three days or less. The short duration is a choice of the attackers to evade detection.
Other factors of high risk of being targeted by phishing attacks reported by the experts are: