BBC targeted with 383,278 spam, phishing and malware attacks every day

The BBC (British Broadcasting Corporation) were the target of nearly 50 million malicious email attacks between 1st October 2021 and the end of January 2022. This is according to official figures obtained via a Freedom of Information act (FOI) request, and analysed by a Parliament Street think tank.

This means the BBC is facing an average of 383,278 email threats a day, which is a 35 per cent increase from the daily figure of 283,597 email attacks blocked per day observed by Parliament Street in Summer 2020.

In total, the BBC received a staggering 47,143,313 malicious emails during the four-month period between October 2021 and January 2022, of which 70,589 were classified as malware attacks, and 291,042 were phishing emails.

This amounts to an average of 2,366 phishing emails and 574 malware attacks, targeting BBC employees every single day.

Experts from cyber security firms have cited the busy shopping periods, combined with the rising threat of Omicron, as the leading causes for the uptick in attacks.

Tim Sadler, CEO, Tessian, said: “Targeting employees during the busy holiday period is a tried-and-tested tactic used by cybercriminals, who are betting on the fact that people will be busier and more distracted during this time.

“In fact, our own data shows that the most malicious emails are sent during the last 3 months of the year. As the number of email attacks continues to rise year on year, and spikes during busy periods, organizations must find ways to alert employees to potential phishing attacks. Staff must also be regularly educated on the threats they could be exposed to and make aware of what they need to do should they receive one.

“The BBC especially is an attractive target for cybercriminals who are looking to steal information and harvest those all-important credentials. There have been a number of cases where threat actors have targeted journalists in phishing campaigns in attempts to steal login credentials, so that they can take over the account and pose as the journalist in emails to other companies. Under the guise of the journalist, cybercriminals can trick their new targets into sharing information or downloading malware. This is a sophisticated form of spear phishing, and the threats can be difficult to spot.”

Edward Blake, Area VP EMEA, Absolute Software, said: “Large organizations that operate in the public eye, such as the BBC, are lucrative targets for opportunistic cyber criminals, who will stop at nothing to disrupt systems, seize data, or steal sensitive information for the purpose of selling on to interested third-parties or for holding them to ransom.

“The BBC not only ticks the right boxes for being a good target for cyber criminals, but it is also responsible for tens of thousands of employees, and even more endpoint devices. All it takes is for one well-placed cyber attack to land, before the extremely sensitive information, or even the operational capacity, of an organization like the BBC is put at risk.

“This is why it’s imperative that businesses adopt endpoint security, which is self-healing and leverages AI technology, as well as a zero trust approach to verify that all users are who they say they are when accessing certain applications and files. This is key to preventing malicious actors from moving laterally across a network, and stopping costly data loss incidents.”