A new report today from phishing protection company SlashNext Inc. finds a significant increase in phishing attacks over the first six months of 2022 amid deepening cybercriminal activity and global issues such as the Russian invasion of Ukraine.
Based on an analysis of billions of linked-based URLs, attachments and natural language messages in email, mobile and browser channels, SlashNext found more than 255 million attacks – a 61% increase in the rate of phishing attacks from 2021. The findings are said to highlight that previous security strategies, including secure email gateways, firewalls and proxy servers are no longer stopping threats, especially as bad actors increasingly launch these attacks from trusted servers and business and personal messaging apps.
Key findings of the report include cybercriminals moving their attacks to mobile and personal communication channels to reach employees. SlashNext recorded a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads.
Highlighting an increasing trend of compromised and fake accounts being used by cybercriminals, SlashNext detected an 80% increase in threats from trusted services from companies such as Microsoft Corp., Amazon Web Services Inc. and Google LLC, with nearly one-third of all threats now hosted on trusted services.
Zero-hour threats — those that have never been seen previously — were a “big standout trend” in the report. More than half of all threats detected by SlashNext were zero-hour threats, demonstrating how hackers adapt and change tactics until they find success.
Credential-harvesting attacks still dominated overall attacks, with 76% of detected threats found to be targeted spear-phishing credential-harvesting attacks. The top three attacked sectors were healthcare, professional and scientific services, and information technology.
“With today’s transition to hybrid working, phishing attacks are becoming more prevalent than ever,” Patrick Harr, chief executive officer of SlashNext, said in a statement. “Mobile phishing and credential harvesting are exploding and affecting business reputations, finances and most importantly, data loss.”
Harr added that “with new methods of phishing attacks appearing year over year, enterprises need more robust phishing protection to better protect this expanding attack surface and companies’ most valuable assets.”