Phishing Attacks Up 50%, Education Sector Most Targeted
Phishing attacks rose nearly 50 percent in 2022 compared to 2021 and education was the most targeted industry, with attacks increasing by 576 percent, a report showed on Tuesday.
Other sectors that faced the brunt were finance and government, while 2021’s top target, retail and wholesale, dropped by 67 percent, according to cloud security leader Zscaler.
The top five most targeted countries were the US, the UK, the Netherlands, Canada, and Russia.
Top targeted brands include Microsoft, Binance, Netflix, Facebook, and Adobe, said the report.
“Threat actors are leveraging phishing kits and AI tools to launch highly effective e-mail, SMiShing, and Vishing campaigns at scale”, said Deepen Desai, Global CISO and Head of Security, Zscaler.
AI tools like ChatGPT and Phishing Kits have significantly contributed to the growth of phishing, reducing the technical barriers to entry for criminals and saving them time and resources.
The report found that a majority of modern phishing attacks rely on stolen credentials and outlined the growing threat from Adversary-in-the-Middle attacks, increased use of the InterPlanetary File System (IPFS), as well as reliance on phishing kits sourced from black markets and AI tools like ChatGPT.
Vishing, or voicemail-themed phishing campaigns, have evolved from SMS or SMiShing attacks.
Attackers are using real voice snippets of the executive team in these vishing attacks by leaving a voicemail of these pre-recorded messages.
Then, recipients are pressured into taking action, like transferring money or providing credentials. Many US-based organizations have been targeted using Vishing attacks.
Recruitment scams on LinkedIn and other job recruiting sites are also on the rise, said the report.
Microsoft was once again the most imitated brand of the year, accounting for nearly 31 percent of attacks as the attackers phished for access to various Microsoft corporate applications of the victim organizations.