Global phishing attacks hit a new high in 2021 as new attack vectors and phishing-as-a-service methods emerged. One of the reasons this type of attack grows in prevalence every year is its low barrier to entry. Moreover, cybercriminals take advantage of current events such as the Covid-19 pandemic or cryptocurrency to trick victims into handing over their confidential data.
Phishing rises by 29%
A new report from Zscaler reveals that phishing attacks grew by a dramatic 29%, with a record 873.9 million attacks observed globally in 2021.
A majority of these attacks used productivity tools, illegal streaming sites, shopping sites, social media platforms, financial institutions, and logistical services as a lure to target victims.
Organizations in the retail and wholesale sectors were the most targeted entities, experiencing an increase of over 400% in phishing attacks in the last 12 months.
The U.S. was the most targeted country, accounting for 60% of all phishing attacks. The next most frequently attacked countries were Singapore, Germany, the Netherlands, and the U.K.
Researchers also noted that SMS phishing is emerging as one of the prevalent intrusion methods as users become more cautious of suspicious emails.
Phishing-as-a-service: A growing threat
While phishing has long been one of the most common tactics used in cyberattacks by sophisticated threat actors, it has become more accessible to low-skilled cybercriminals due to a maturing underground marketplace for attack frameworks and services.
In one such incident, researchers discovered thousands of MitM phishing toolkits being used in the wild to intercept 2FA security codes. These toolkits also enabled the attackers to steal authentication cookie files from computers.
BitB attack can add more trouble
A new phishing technique, recently demonstrated by a researcher, is capable of making phishing attacks nearly invisible.
Dubbed Browser-in-the-Browser, the technique relies on single sign-on options on websites and can enable attackers to harvest credentials from Facebook, Google, Apple, or Microsoft without users’ knowledge.
The bottom line
Researchers claim that an average-sized organization receives dozens of phishing emails every day. This means that employees at all levels must be aware of the most common phishing tactics and trained to spot phishing attempts that can result in financial loss and damage an organization’s reputation.