Data obtained by think tank Parliament Street under the Freedom of Information (FOI) Act reveals that the BBC has been targeted by 383,278 spam, phishing and malware attacks every day.
The number of email attacks on the BBC between 1st October 2021 and the end of January 2022, which totalled nearly 50 million, is up 35% compared with the same statistics from the summer of 2020.
Of all attacks targeting the BBC during the period in question, 70,589 were classified as malware attacks, while 291,042 were phishing emails.
This amounts to an average of 2,366 phishing emails and 574 malware attacks targeting BBC employees every day.
Cyber security experts examining Parliament Street’s findings have cited the busy shopping periods, combined with the rising threat of Omicron, as the leading causes for the uptick in attacks.
“Targeting employees during the busy holiday period is a tried-and-tested tactic used by cyber criminals, who are betting on the fact that people will be busier and more distracted during this time,” said Tim Sadler, CEO and co-founder of Tessian.
“In fact, our own data shows that the most malicious emails are sent during the last 3 months of the year. As the number of email attacks continues to rise year on year, and spikes during busy periods, organisations must find ways to alert employees to potential phishing attacks. Staff must also be regularly educated on the threats they could be exposed to and made aware of what they need to do should they receive one.
“The BBC especially is an attractive target for cyber criminals who are looking to steal information and harvest those all-important credentials. There have been a number of cases where threat actors have targeted journalists in phishing campaigns in attempts to steal login credentials, so that they can take over the account and pose as the journalist in emails to other companies. Under the guise of the journalist, cyber criminals can trick their new targets into sharing information or downloading malware. This is a sophisticated form of spear phishing, and the threats can be difficult to spot.”
Edward Blake, area vice-president EMEA at Absolute Software, commented: “Large organisations that operate in the public eye, such as the BBC, are lucrative targets for opportunistic cyber criminals, who will stop at nothing to disrupt systems, seize data, or steal sensitive information for the purpose of selling on to interested third parties or for holding them to ransom.
“The BBC not only ticks the right boxes for being a good target for cyber criminals, but it is also responsible for tens of thousands of employees, and even more endpoint devices. All it takes is for one well-placed cyber attack to land, before the extremely sensitive information, or even the operational capacity, of an organisation like the BBC is put at risk.
“This is why it’s imperative that businesses adopt endpoint security, which is self-healing and leverages AI technology, as well as a Zero Trust approach to verify that all users are who they say they are when accessing certain applications and files. This is key to preventing malicious actors from moving laterally across a network, and stopping costly data loss incidents.”
Think tank Parliament Street recently found a 2,650% surge in email attacks faced by the Information Commissioner’s Office (ICO) in 2021.