For decades, phishing has been a complex and time-consuming challenge for every security team. As the findings of the ThreatLabz 2022 Phishing Report reveal, the challenge is getting harder: adversaries are getting craftier, and attackers are growing in numbers due to pre-built phishing kits available on the darknet. In this annual report, ThreatLabz offers deep insights on the current phishing threat landscape from a full year’s worth of phishing data from the world’s largest security cloud. Avoiding the latest breed of phishing attacks requires heightened awareness from users, additional context, and a zero trust approach.
From imitating popular brands like Microsoft to buying advertisements on Google and other search platforms, threat actors use a range of tactics and techniques to trick users into giving up sensitive information. Analyzing data from more than 200 billion daily transactions last year, the 2022 report found that:
Phishing attacks rose 29% in 2021 compared to 2020, driven by multiple trends:
More than 96% of attacks in our study lacked a referring domain, indicating that the victim clicked a direct link to the phishing site through their email, SMS, or another client. Email continues to be the top phishing vector, but other vectors such as SMS are growing: consumers trust text messages more than emails, and a successful SMS phishing (“SMiShing”) attack can give attackers the smartphone access that they need to bypass two-factor authentication. The top 20 referring domains included search platforms, corporate forums and marketplaces, sharing sites, e-commerce tools, and others.
Retail and wholesale saw a massive 436% leap in phishing attacks in 2021 as attackers took advantage of COVID-boosted online shopping trends. Retail and wholesale moved from the fifth-most phished industry category all the way to first, ahead of last year’s most phished industry, manufacturing.
The United States is (once again) the most targeted country in our study with more than 60% of phishing attempts. However, phishing only rose 7% in the United States in 2021, whereas the increase was much higher elsewhere. ThreatLabz breaks down the full list of the 10 most targeted countries with details on which countries saw the sharpest increases in phishing attacks during 2021.
Additionally, in this year’s report, ThreatLabz analyzes popular techniques used by phishing threat actors and explores some of the key drivers intensifying enterprise risk, including:
Industry statistics reveal that the average organization receives dozens of phishing emails daily, with financial losses snowballing as losses incurred from malware and ransomware attacks drive up the average costs of landed phishing attacks year over year. Facing all the threats outlined in this report is a big job, and while you can not completely eliminate the risk of phishing threats, you can learn from observed trends and incidents to better manage risk.
The basics for mitigating the risk of phishing attacks:
User compromise is one of the most difficult security challenges to defend against. Your organization must implement phishing prevention controls as part of a broader zero trust strategy that enables you to detect active breaches and minimize damages caused by successful breaches. The Zscaler Zero Trust Exchange is built on a holistic zero trust architecture to minimize the attack surface, prevent compromise, eliminate lateral movement, and stop data loss. Zscaler helps stop phishing in the following ways:
Zscaler Internet Access helps identify and stop malicious activity by routing and inspecting all internet traffic through the Zero Trust Exchange. Zscaler blocks:
Advanced Threat Protection blocks all known command-and-control domains.
Advanced Cloud Firewall extends command-and-control protection to all ports and protocols, including emerging C&C destinations.
Cloud Browser Isolation creates a safe gap between users and malicious web categories, rendering content as a stream of picture-perfect images to eliminate the leakage of data and the delivery of active threats.
Advanced Cloud Sandbox prevents unknown malware delivered in second stage payloads.
Zscaler Private Access safeguards applications by limiting lateral movement with least privileged access user-to-app segmentation and full in-line inspection of private app traffic.
Zscaler Deception detects and contains attackers attempting to move laterally or escalate privileges by luring them with decoy servers, applications, directories, and user accounts.
Download the 2022 Phishing Report by ThreatLabz to learn more about the latest trends in phishing attacks and to discover:
Get your copy here.
Zscaler ThreatLabz is a global threat research team with a mission to protect customers from advanced cyberthreats. Made up of more than 100 security experts with decades of experience in tracking threat actors, malware reverse engineering, behavior analytics, and data science, the team operates 24/7 to identify and prevent emerging threats using insights from 300 trillion daily signals from the Zscaler Zero Trust Exchange.
Since its inception, ThreatLabz has been tracking the evolution of emerging threat vectors, campaigns, and groups, contributing critical findings and insights on zero-day vulnerabilities, —including active IOCs and TTPs for threat actors, malware, and ransomware families, phishing campaigns, and more.
ThreatLabz supports industry information sharing and plays an integral role in the development of world-class security solutions at Zscaler. See the latest ThreatLabz threat research on the Zscaler blog.