Phishing attacks increased by 29% in 2021 compared to 2020 according to an analysis by Zscaler’s ThreatLabz research team.
The researchers analyzed data from over 200 billion daily transactions and 150 million daily blocked attacks and published the results in the ThreatLabz Phishing Report 2022.
The report, available for download here after filling out a form, identifies the top phishing trends and targets of 2021 and includes predictions for 2022 and 2023.
Phishing remains a major cyber threat
Phishing is still a dominant threat worldwide, but it is evolving. The research team found a 29% increase in phishing attacks in 2021. It attributes the surge to several factors, from the low barrier to running phishing campaigns to the improved security systems that organizations and consumers have deployed against malware and other malicious forms of attack, which push attackers toward techniques that target people instead.
Social engineering attacks are on the rise as they are harder to detect and stop, researchers say.
Another factor playing a role in the increase in phishing attacks is automation and the toolkits available to attackers. Ready-made phishing kits do not require deep technical know-how and include “everything required to conduct an effective, low-efficiency email or web-based phishing attack”.
Phishing remains a global problem. While the United States remains the top attacked country globally, with more than 60% of all phishing attacks blocked by Zscaler’s Security Cloud, it is not the only country suffering from these attacks. The next places in the ranking are Singapore, Germany, the Netherlands, the United Kingdom, the Russian Federation, France, China, Hungary and Ireland.
Zscaler’s system reported an increase in phishing attacks for most countries in the top 10 in 2021. Five countries each recorded increases of over 100%, with Singapore (829%) and the Russian Federation (799%) topping the table. Only Germany (40%), the United States (7%) and the Netherlands (-38%) saw smaller increases or a decline.
Phishing attacks target all industries, but retail, wholesale, manufacturing, and services are the most commonly targeted. Attacks on retail and wholesale targets saw a 436% increase, according to the report. Financials, government and all unspecified sectors also posted gains of over 100%.
Attacks on these sectors took advantage of the global pandemic and consumers’ drive to buy goods online.
Several industries saw a drop in phishing attacks in 2021. Zscaler’s research team lists technology and communications, services, and healthcare as the three sectors with fewer attacks.
Microsoft, illegal streaming and Covid-19 most targeted
More than 30% of all phishing attacks in 2021 impersonated Microsoft, 13.6% impersonated illegal streaming sites, and 7.2% impersonated Covid-19 sites. Illegal streaming phishing increased at major sporting events, including the Tokyo Olympics in 2021. Covid-19 phishing emerged in 2020, the year the Covid pandemic began, and continued to pose a major threat in 2021.
The researchers don’t provide an explanation for Microsoft’s high percentage, but explain that Covid-19 and illegal streaming phishing attacks have “lower barriers” than phishing attacks imitating established brands. Consumers have little or no expectation of what Covid-19 or illegal streaming sites should look like or how they will be accessed, so a previously unseen domain name raises less suspicion for such sites than a new domain would for an established brand.
Two other Microsoft services are featured separately in the top 20 list. Microsoft’s OneDrive file syncing and hosting service ranks sixth with 3.6% overall and Microsoft 365 twelfth with 1.6% of attacks. According to the graphic, Microsoft products account for more than a third of all attacks. Telegram, Amazon, PayPal, Binance, and Google are also included in the listing.
Evolving Phishing Trends
Zscaler’s research period saw an increasing use of secure domains and trusted platforms in phishing attacks. Threat actors use different methods to carry out their attacks. Advertising, using sharing sites such as Evernote or Dropbox, and posting messages on forums, marketplaces, or web blogs are commonly used in attacks.
The list of top referring sites includes google.com, adobe.com, evernote.com, luxherald.com and googlesyndication.com.
Threat actors use different infrastructures to host phishing sites. More than 50% of all phishing sites use web hosting providers so that they blend in with legitimate sites, especially when the host shares IP addresses between sites, which makes blocking by IP address alone unreliable.
Phishing as a Service has grown in importance in 2021. The use of phishing kits and open source tools has increased, and groups have been formed to create and update phishing toolkits. Attackers buy toolkits to reduce the cost and time it takes to run phishing campaigns.
Not only do phishing toolkits require less technical knowledge to run, but they also include “sophisticated templates” that “remove the characteristic typos, misspellings, poor grammar, and unsigned certificates that were previously relied on to identify phishing scams”.
Smishing, or SMS phishing, is another emerging trend. Though it has been around since at least 2006, smishing saw a 700% surge in just the first quarters of 2021, according to one report. One explanation for the increase in smishing attacks is that the attack type is not as well known as email phishing. While computer users may be aware of email phishing, they may be less aware of other types of phishing, including SMS phishing. Another reason for the increase is that it may be more difficult to verify the sender and the loaded website in mobile web browsers. Covid-19 scams and crypto-related phishing are also evolving.
Best practices to improve phishing defenses
Phishing attacks will continue to be a major threat in 2022 and beyond. Training employees can reduce the likelihood of successful attacks on an organization’s infrastructure. A 2020 Stanford University study found that almost 88% of all data breaches were caused by human error. End-user awareness training is critical, according to the Zscaler report.
Organizations can implement technical defenses and policies to protect infrastructure and data from successful phishing attacks. Up-to-date antivirus software and advanced threat protection services, regular patching, email scanning and encrypted traffic inspections are particularly useful.
Using multi-factor authentication stops most phishing attacks because attackers cannot log into systems with a user’s username and password alone. The second verification factor, which can be provided by an application or a hardware token, blocks access to systems. (via Born)