Cyber Crime
Phishing Attacks Surge Worldwide in 2022, US Remains Top Target: Zscaler
Phishing campaigns rose 50% YoY driven by AI tools & kits. US had 65% of attacks, education up 576%, finance and gov up 273%. Smishing evolves.
Zero trust security vendor Zscaler’s ThreatLabz Phishing Report has revealed that phishing campaigns have increased by almost 50% in 2022 compared to the previous year, driven by new AI tools and phishing kits accessible to threat actors. The report also found that the US was the country with the highest percentage of phishing attacks, accounting for 65% of all attacks globally, up from 60% in 2021.
ALSO READ: Want To Become A Future Crime Researcher? Join The Future Crime Research Foundation
Sectors most targeted by phishing campaigns
The education sector saw the highest increase in phishing attacks, up by 576% from 2021, followed by the finance and government sectors, which saw a 273% increase in attacks. In contrast, retail and wholesale saw a drop in phishing attacks by 67%.
The growing threat of Adversary-in-the-Middle (AitM) attacks
The report highlighted the growing threat from Adversary-in-the-Middle (AitM) attacks, which bypass traditional security models, including multi-factor authentication. The increased use of the InterPlanetary File System (IPFS) was also identified as a factor contributing to the rise in phishing attacks.
AI tools and phishing kits
The report noted that AI tools like ChatGPT and phishing kits sourced from black markets have reduced technical barriers to entry for cybercriminals. These tools have made it easier for them to generate malicious code, Business Email Compromise (BEC) attacks and develop polymorphic malware that makes it harder for victims to identify phishing.
ALSO READ: Job Scam: Middle East New Target Of Phishing Scams, Cyber Thugs Pose As UAE Ministry Officials
Shift from smishing to vishing
The report also found that SMS phishing (smishing) is evolving to more voicemail-related phishing (vishing), luring more victims into opening malicious attachments.
Recruitment scams on the rise
The report saw an increase in recruitment scams on LinkedIn and other job recruiting sites, with cybercriminals leveraging fake job postings, sites, portals and forms to attract job seekers.
Zscaler’s global CISO and head of security, Deepen Desai, warned that while the rise in phishing campaigns is not new, its sophistication is unprecedented. “Year-over-year, we continue to see an increase in the number of phishing attacks which are becoming more sophisticated in nature. Threat actors are leveraging phishing kits and AI tools to launch highly effective email, smishing, and vishing campaigns at scale. AitM attacks supported by growth in phishing-as-a-service have allowed attackers to bypass traditional security models, including multi-factor authentication,” he said.
The ThreatLabz Phishing Report is based on a year’s worth of global data from the Zscaler security cloud, which monitors over 280 billion transactions daily across the globe from January 2022 through December 2022.
Follow The420.in on
Telegram | Facebook | Twitter | LinkedIn | Instagram | YouTube
