Voice Phishing Surges to #2 Initial Access Method, #1 for Cloud Breaches — Google's Mandiant Report
Available in: 中文
Google's Mandiant M-Trends 2026 report reveals that voice phishing has surged to become the second most common initial access method (11% of attacks) and the number one tactic for breaching cloud e...
Google's Mandiant M-Trends 2026 report reveals that voice phishing has surged to become the second most common initial access method (11% of attacks) and the number one tactic for breaching cloud environments.
Key Findings
| Method | Share of Attacks |
|---|---|
| Vulnerability exploitation | 32% (#1, 6th year running) |
| Voice phishing | 11% (#2, surging) |
| Email phishing (non-interactive) | 6% (declining) |
Why Voice Phishing Works
- Attackers call IT help desks to register attacker-controlled MFA devices
- IT help desks are trained to help — making them easy targets
- Interactive social engineering creates a "new level of sophistication"
- Groups like ShinyHunters and Scattered Lapsus$ Hunters increasingly use these tactics
ClickFix Attacks
Attackers trick users into running malicious commands by:
- Clicking fake computer problem fixes
- I-am-not-a-robot prompts
- Google documented "dozens" of criminals using this technique
Extreme Timelines
Fast Hand-offs
- Initial access crew hands off to ransomware gang in under 30 seconds
- Creates a market for access brokerage
Long-Term Stealth
- Espionage groups and North Korean scam IT workers
- Stay hidden for hundreds of days by targeting edge devices (firewalls, routers, VPNs)
- Exploit zero-day bugs on devices without endpoint security
Data Source
Based on 500,000+ hours of incident response engagements worldwide.
Source: The Register, Google Mandiant M-Trends 2026
← Previous: Microsoft Admits Windows 11 Quality Problems: Removing Copilots, Improving Performance, Lowering RAM UsageNext: Meta's AI Content Moderation Shows Modest Improvements as Company Shuts Down Metaverse Platform Horizon Worlds →
0