In 2024, more than 60% of groups used phishing to attack Russian companies

In 2024, 61% of groups attacking the Russian Federation will use phishing emails to gain initial access to organizations' IT infrastructure. This is stated in the results of the study Threat Zone 2025, which was reviewed by Izvestia on February 6.

Experts noted that phishing emails are most often sent on behalf of suppliers, contractors or other contractors. Usually such letters are disguised as invoices, bills, or just some abstract documents. Phishing mimics financial documents in almost 80% of cases. In addition, as part of targeted attacks on Russian companies, cybercriminals often send phishing emails on behalf of regulators and other government organizations.

"Cybercriminals prefer to conduct phishing emails on behalf of well-known organizations. Attackers willingly distribute emails on behalf of regulators and security agencies to make the emails look more credible. The names of prominent and well-known agencies increase users' trust by encouraging them to open the email. It is important to remember that the organizations on behalf of which criminals send phishing emails are not responsible for the actions of criminals and the resulting damage," the study stresses.

As the experts explained, malware (malicious software) in phishing emails can be hidden in an attachment or link. As a rule, cybercriminals prefer attachments. Links are less common, occurring in just 29% of cases.

"The third place (14%) among the VPOs distributed via phishing emails is occupied by downloaders - programs that, once installed on a compromised device, allow other malware to be downloaded onto it. In second place (31%) are stylers, whose task is to steal sensitive data: account logins and passwords, cryptocurrency wallet data, etc., as well as various documents. But the absolute leaders (49%) are remote access trojans (RATs), which allow attackers to remotely execute various commands on the victim's device," the study says.

Confuse the Networks: software failures at the end of the year were most frequently recorded in retail and logistics

Difficulties arise from the departure of software vendors and increased attacks, experts say

According to analysts, the reason for the popularity of RATs is that, in addition to the main, they also have the functionality of stylers and keyloggers, that is, programs that register various user actions, including such things as keystrokes and mouse movements.

It is noted that in 2024, the average Russian company received 63 letters per month that contained VPO. Also, RF organizations received an average of 462 emails with phishing links every month.

"Unfortunately, a significant portion of employees in Russian companies do not know how to recognize dangerous emails. According to BI.ZONE, during initial cyber hygiene testing, the percentage of users who opened an educational phishing email and clicked on the link or opened the attachment ranges from 45% to 67%. This variation is due to varying levels of cyber hygiene depending on the industry, the digital maturity of the company itself, and how much emphasis management places on cybersecurity and employee training. Low levels of cyber hygiene among employees and the inability to recognize phishing poses a serious threat to organizations," the study said.

Earlier, on January 13, it was reported that in Russia, 65% of the analyzed companies have a low level of security. Attacks on them can cause critical damage, lead to the suspension of key business processes and financial losses. This is stated in the results of a study by the information security company "Bastion".