The cold, hard truth? Cybercriminals are still perpetuating plenty of unsophisticated attacks for a simple reason: They work.
Plenty of cybercriminals are still perpetuating plenty of non-sophisticated attacks for the simple reason that they work. These are the scams and fraud that prey on the unsuspecting and the unknowing. In other words, they are the attacks that prey on human behavior. This includes basic phishing attacks and credential harvesting.
For instance, a recent Cybersecurity and Infrastructure Security Agency (CISA) report found that:
Valid account credentials are at the root of most successful threat actor intrusions of critical infrastructure networks and state and local agencies
Valid credential compromise combined with spear-phishing attacks accounted for nearly 90% of infiltrations last year
Valid accounts were responsible for 54% of all attacks studied in the agency's annual risk and vulnerability assessment