The annual phishing report shows new phishing campaigns that can be traced back to the increasing use of AI platforms such as ChatGPT.
- Worldwide phishing attacks increased by almost 2022 percent in 50 compared to 2021
- The education system was the top target with a 576 percent increase in attacks, followed by finance and government; while attacks on retailers and wholesalers declined 67 percent, which topped the rankings last year
- The five countries with the most attacks were the United States, the United Kingdom, the Netherlands, Canada and Russia.
- Among the most frequently exploited brand names include Microsoft, Binance, Netflix, Facebook and Adobe
- AI tools like ChatGPT and phishing kits have contributed significantly to the growth of phishing by lowering the technical barriers to entry for criminals, saving them time and resources
- SMS phishing (SMiShing) continues to evolve into more voicemail-related phishing (vishing) and lures more victims into opening malicious attachments
- A cloud-native, proxy-based, zero-trust architecture is critical for businesses to protect against evolving phishing attacks
The report examines 12 months of global phishing data from the world's largest inline security cloud to identify the latest trends, emerging tactics, and the industries and regions most affected by phishing attacks. According to the latest report, the majority of modern phishing attacks are based on stolen credentials, demonstrating the growing threat of Adversary-in-the-Middle (AitM) attacks and increasing use of the InterPlanetary File System (IPFS). In addition, more attacks are based on phishing kits obtained from black markets or using AI tools such as ChatGPT.
Phishing Kits and AI Tools
“Phishing remains one of the most common threat types used by cybercriminals to penetrate global enterprise infrastructures. The number of phishing attacks, which are becoming more and more sophisticated, is increasing every year. Threat actors are using phishing kits and AI tools to launch highly effective email, SMiShing, and vishing campaigns at scale,” said Deepen Desai, Global CISO and Head of Security at Zscaler. “AitM attacks, fueled by the growth of phishing-as-a-service, allow attackers to bypass traditional security models, including multi-factor authentication. To protect their IT environment, a zero-trust architecture is recommended, which organizations can use to significantly reduce their attack surface, thereby preventing compromise or reducing the impact in the event of a successful attack.”
ChatGPT threats
The emergence of new AI technologies like ChatGPT has made it easier for cybercriminals to generate malicious code, conduct BEC (Business Email Compromise) attacks, and develop polymorphic malware that makes it difficult for victims to detect phishing. Malicious actors are also increasingly hosting their phishing sites on the InterPlanetary File System (IPFS), a peer-to-peer distributed file system that allows users to store and share files on a decentralized computer network. Due to the peer-to-peer network model, removing a phishing site hosted on IPFS is much more difficult. Additionally, the Zscaler ThreatLabz team recently discovered a large-scale phishing campaign that included Adversary-in-The-Middle attacks. AiTM attacks use techniques that can bypass traditional multi-factor authentication methods.
Voice mail phishing
Vishing or phishing campaigns based on voice messages have evolved from SMS or SMiShing attacks. In these vishing attacks, the attackers use snippets of real management voice and send voicemails with these recorded messages. This pressures recipients to take actions, such as transferring money or submitting login credentials. Many US organizations have become the target of vishing attacks. Scams involving applications on LinkedIn and job sites are also on the rise. Unfortunately, in 2022, many large Silicon Valley companies made the difficult decision to cut jobs. As a result, cyber criminals used fake job postings, websites, portals, and forms to lure job seekers. Victims often go through a full interview, and then are asked to make expenses with promises of reimbursement.
Brand names as a lure
Cyber criminals have had a lot of success using impersonation to exploit well-known consumer product and technology brands in their campaigns. Microsoft was once again the most imitated brand of the year. Almost 31 percent of attacks use the scam to trick victim organizations into accessing various Microsoft business applications and thereby stealing credentials. Cryptocurrency exchange Binance accounted for 17 percent of fake brand name attacks, with phishers posing as fake customer representatives from banks or P2P companies. Big brands like Netflix, Facebook and Adobe rounded out the top 20 most impersonated and phished brands.
Top target for phishing attacks
The US remains the country most frequently targeted by phishing attacks. The data shows that more than 65 percent of all phishing attempts took place in the US, compared to 60 percent last year. While the US still leads the way, the research found a staggering increase in phishing attempts in Canada (718%), the UK (269%), Russia (199%) and Japan (92%). In Hungary and Singapore, on the other hand, attempts fell by 90% and 48% respectively. The ThreatLabz team believes Singapore's decline is due to government efforts with cybersecurity investments, including Cyber Security Agency (CSA) initiatives.
Phishing attacks targeting education and healthcare
The education industry saw the largest increase in phishing attempts in 2022, rising from eighth to first place with a 576 percent increase. The ThreatLabz team believes the application process for student loan repayments and debt relief in the US in 2022 played a role in this increase. The other five most-attacked industries include finance, insurance, government and healthcare, with the number of attack attempts increasing from nearly 31 million in 2021 to over 114 million in 2022. Retail and wholesale, which topped the list of top attack targets last year, saw a 67 percent decline. The service industry also saw a 38 percent drop from attempts in 2021.
Defense against phishing attacks
Given that the average business receives phishing emails on a daily basis, the financial losses from malware and ransomware attacks can quickly add up to year-over-year IT costs. Dealing with these everyday threats is a responsible IT security task and while the risk of phishing threats cannot be completely eliminated, IT and security teams can learn from observed incidents. Zscaler recommends the following best practices to control phishing risk: Risks need to be better understood to improve policies and strategies. Automated tools and threat intelligence can help reduce phishing incidents. The implementation of zero trust architectures makes it possible to limit the radius of action of attacks that have taken place. Timely training strengthens security awareness supports the reporting of phishing attempts by users Simulated phishing attacks help to identify gaps in your own security programs.
More at Zscaler.com
About Zscaler Zscaler accelerates digital transformation so customers can become more agile, efficient, resilient, and secure. Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting people, devices, and applications anywhere. The SSE-based Zero Trust Exchange is the world's largest inline cloud security platform, distributed across 150+ data centers around the world.