Cyber Threats 2023: Phishing Dominates, AI Targeted

illustration: bing.com/create

Cybersecurity data concerning Poles is alarming. Millions fall victim to online scammers, clicking suspicious links and sharing sensitive data. The CERT Orange Polska report highlights the scale of this phenomenon.

Phishing Takes the Lead

The most popular method of online fraud remains phishing. Cybercriminals create fake websites or emails that closely mimic those of well-known companies or institutions. Their goal is to steal personal data, credit card information, or login credentials for online banking by tricking users into downloading malicious files or clicking on links to fake websites.

In 2023, CERT Orange Polska`s security systems blocked over 360,000 fake websites, and around 5.5 million Poles clicked links leading to them. Victims lost money, personal data, and even control over their online accounts.

This marks a significant shift over the past decade. In 2014, spam—unwanted messages cluttering inboxes—was the top threat with around a 40% share, while phishing accounted for just 1% of incidents recorded by CERT Orange Polska.


- "Today, the leader is multi-vector, advanced phishing targeting both users and companies, which accounted for over 44% of reports last year," says Robert Grabowski, head of CERT Orange Polska, quoted by Newseria Biznes. - "As an operator aware of these threats, we aim to block them before users even encounter them. We do this at the network level, using CyberShield."

Social Engineering, Malvertising, and DDoS Tsunami

According to the CERT report, social engineering plays an increasingly prominent role in attacks, as cybercriminals use ever more sophisticated methods to manipulate network users.

• In 2023, scammers created over 360,000 fake websites.
• A staggering 5.5 million Poles fell victim to them.

In addition to phishing, malvertising—ads with links to malicious sites—has gained popularity. In 2023, CERT Orange Polska’s security systems blocked three times as many such sites as the previous year.

CERT Orange Polska experts point to other growing threats:

• Fake investments: Scammers lure victims with promises of quick profits, encouraging them to invest in fictitious ventures.
• Fake payment links: Cybercriminals send emails or SMS messages with links to supposedly secure payment sites where victims enter credit card details.
• Buyer scams: On auction and shopping platforms, scammers send fake messages asking for deposits or credit card details.
• Spyware: Malicious software that steals confidential data from infected devices.
• DDoS attacks: Cybercriminals attempt to paralyze websites or online services by flooding them with network traffic.

- "The number of attacks exceeding 10 Gbps has doubled (from 3.8% to 7.7%), as has the number of attacks with the smallest volume—below 0.2 Gbps (from 24.3% to 40.8%). The record-breaking 93 Gbps attack in 2014 would barely raise an eyebrow today (attacks over 100 Gbps are now routine). Last year`s record hit 543 Gbps, nearly six times stronger than a decade ago," explains Robert Grabowski, quoted by Newseria. - "We’re also seeing much more advanced attacks that are harder to defend against, such as carpet bombing, which targets entire address blocks rather than single addresses, and complex attacks like Web DDoS Tsunami."

How to Protect Yourself

To guard against cybercriminals, vigilance and caution online are essential:

• Avoid clicking suspicious links: Even if an email or SMS looks legitimate, check the sender`s address and the link`s content before clicking.
• Do not provide personal information on unfamiliar websites: Websites where you share personal data should use HTTPS protocol and have SSL certificates.
• Use strong passwords: Passwords should be unique, at least 12 characters long, and include lowercase and uppercase letters, numbers, and special symbols.
• Use antivirus software: Regularly updated antivirus software can protect against malicious software.
• Familiarize yourself with online security practices: Websites like CERT Orange Polska and other cybersecurity organizations offer valuable information and tips.

- "Last year saw critical vulnerabilities in security devices and access solutions, and that trend will continue. We`ve moved a large portion of our work into the digital realm, enabling hybrid or fully remote work, which is now a primary medium for accessing companies," explains Robert Grabowski. - "For cybercriminals, discovering such vulnerabilities is a prime opportunity, and they will continue to exploit and attack these solutions."