The BBC were the target of nearly 50 million email attacks between October 1 2021 and the end of January 2022. This is according to official figures obtained via a Freedom of Information act (FOI) request, and analysed by a Parliament Street think tank.
This means the BBC is facing an average of 383,278 email attacks a day, whether spam or otherwise, which is a 35 per cent increase from the daily figure of 283,597 email attacks blocked per day observed by Parliament Street in Summer 2020.
In total, the BBC received a staggering 47,143,313 emails during the four-month period between October 2021 and January 2022, of which 70,589 were classified as malware attacks, and 291,042 were phishing emails.
This amounts to an average of 2,366 phishing emails and 574 malware attacks, targeting BBC employees every single day.
Experts from industry-leading cyber security firms have cited the busy shopping periods, combined with the rising threat of Omicron, as the leading causes for the uptick in attacks.
Tim Sadler, CEO and Co-Founder, Tessian, said: “Targeting employees during the busy holiday period is a tried-and-tested tactic used by cybercriminals, who are betting on the fact that people will be busier and more distracted during this time.
“In fact, our own data shows that the most malicious emails are sent during the last 3 months of the year. As the number of email attacks continues to rise year on year, and spikes during busy periods, organisations must find ways to alert employees to potential phishing attacks. Staff must also be regularly educated on the threats they could be exposed to and make aware of what they need to do should they receive one.
“The BBC especially is an attractive target for cybercriminals who are looking to steal information and harvest those all-important credentials. There have been a number of cases where threat actors have targeted journalists in phishing campaigns in attempts to steal login credentials, so that they can take over the account and pose as the journalist in emails to other companies. Under the guise of the journalist, cybercriminals can trick their new targets into sharing information or downloading malware. This is a sophisticated form of spear phishing, and the threats can be difficult to spot.”