According to 2021 data from one cloud cybersecurity firm, phishing attacks had shot up by over 400% in its protection ecosystem.
Through analyses of a cloud cybersecurity solution’s 200bn daily ecosystem activities across the globe from January 2021 to December 2021, some key cyber trends and tactics have been summarized in a Phishing Report for 2022.
The report shows a 29% growth in overall phishing attacks in Zscaler, Inc.’s protection ecosystem compared to previous years, with retail and wholesale companies bearing the brunt of the increase. Also, the data shows an emerging proliferation of Phishing-as-a-Service methods, as well as new attack vectors such as SMS phishing (smishing).
Commonly, phishing attacks lure victims with content that poses as belonging to top brands, or that promotes fake topical events. Data in the Zscaler ecosystem showed the top phishing themes in 2021 to include categories such as productivity tools, illegal streaming sites, shopping sites, social media platforms, financial institutions, and logistical services.
Growing threat: Phishing-as-a-Service
Data in the report showed that in 2021, the US was the most-targeted country globally, accounting for over 60% of all phishing attacks blocked by Zscaler’s security cloud. The next most frequently attacked countries included Singapore, Germany, the Netherlands, and the United Kingdom.
Furthermore, the following findings were reported:
- Not all countries received the same attention from phishing attacks. For example, the Netherlands experienced a decrease of 38%, which may have resulted from recently passed legislation that increased the penalties for online fraud.
- Phishing attacks were also not evenly distributed across different industries. Retail and wholesale businesses experienced an increase of over 400% in phishing attempts—the most out of all industries tracked in the ecosystem. Following these were financial and government sectors, with organizations in these industries seeing over 100% increases in attacks on average.
- Some industries in the ecosystem experienced partial relief from phishing attacks last year: healthcare saw a drop of 59%, while the services industry saw a decline of 33%.
- By selling pre-built phishing tools and services on the Dark Web, cybercriminals have been making it easier to deploy phishing scams at scale in 2021 and, foreseeably, in the rest of 2022.
According to the firm’s CISO and VP of Security Research and Operations, Deepen Desai, the rise of Phishing-as-a-Service is making it easier than ever for non-sophisticated actors to launch successful attacks.
Said Desai: “To defend against advanced phishing attacks, organizations must leverage a multi-pronged defensive strategy anchored on a cloud-native zero trust platform that unifies full SSL inspection with AI/ML-powered detection to:
- stop the most sophisticated phishing attempts and phishing kits
- detect lateral movement and integrated deception
- limit the blast radius with proactive controls
- block high risk destinations such as newly-registered domains that are often abused by threat actors
- encompass in-line data loss protection to safeguard against data theft.”