Virtualization Technology News and Information
Phishing Reaches Record High; APWG Observes One Million Attacks in First Quarter of 2022
The APWG's new Phishing Activity Trends Report reveals that in the first quarter of 2022 the APWG observed 1,025,968 total phishing attacks, the worst quarter for phishing that APWG has observed to date. This quarter was the first time the three-month total has exceeded one million. APWG saw 384,291 attacks in March 2022, which was a record monthly total.

In the first quarter of 2022, APWG founding member OpSec Security reported that phishing attacks against the financial sector, which includes banks, remained the largest set of attacks, accounting for 23.6 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well, while attacks against retail/ecommerce sites fell from 17.3 to 14.6 percent after the holiday shopping season. Phishing against social media services rose markedly, from 8.5 percent of all attacks in 4Q2021 to 12.5 percent in 1Q2022. Phishing against cryptocurrency targets, such as cryptocurrency exchanges and wallet providers, inched up from 6.5 in the previous quarter to 6.6 percent of attacks.

John Wilson, Senior Fellow of Threat Research at APWG member HelpSystems, tracks the identity theft technique known as "business e-mail compromise" (BEC). Wilson noted that "In the first quarter of 2022, 82 percent of Business Email Compromise messages were sent from free webmail accounts. Of those, 60 percent used For the 18 percent of BEC messages sent from attacker-controlled domains, NameCheap was the most popular registrar.

"One third of all maliciously registered domains used for BEC attacks were registered via NameCheap," Wilson pointed out.

APWG member PhishLabs by HelpSystems analyzes malicious emails reported by corporate users. John LaCour, Principal Product Strategist at PhishLabs by HelpSystems, said that "In the first quarter of 2022, we observed a 7 percent increase in credential theft phishing against enterprise users, up to nearly 59 percent of all malicious emails." LaCour also noted that impersonation attacks were 47 percent of social media threats, up from 27 percent the prior quarter.  

"A lot of companies don't realize that their executives are being spoofed on social media. This is a huge business risk," said LaCour.

On another front, APWG member Abnormal Security documents the dangerous nature of ransomware for all kinds of companies. Abnormal Security found the total number of ransomware attacks decreased by 25 percent in the first three months of 2022, falling to a level similar to what Abnormal observed in the third quarter of 2021. This decrease seems to be primarily caused by a big drop in attacks from two prolific cybercrime gangs, Pysa and Conti, known to develop and deploy ransomware at scale.

Crane Hassold, Director of Threat Intelligence at Abnormal Security, said that "The disappearance of Pysa and the significant drop in attack volume from Conti clearly had a substantial impact in the overall ransomware landscape in the first quarter of the year. This demonstrates the centralized nature of the ransomware landscape, meaning a relatively small number of groups are responsible for a majority of attacks. This also means that any actions taken against those groups (law enforcement disruption, infrastructure takedown, etc.) can have a noticeable impact on overall attack volume.

"This is very different from something like BEC, which is highly decentralized, where the removal of dozens or even hundreds of actors wouldn't have that much of an overall impact on attack volume because there is no 'head of the snake' to go after," Hassold said.

The top industries impacted by ransomware in Q4 2021 were manufacturing, business services, finance, and retail and wholesale firms, said Hassold. 

Other industry experts also chimed in on the state of phishing.

Ryan McCurdy, Vice President of Marketing at Bolster AI, a Los Altos, Calif.-based provider of automated digital risk protection:

"As the digital ecosystem expands at an accelerated rate, the modern company's public attack surface is more vulnerable than ever. The same touch points you use to connect with your customers are being exploited by attackers to phish employees, steal private data, destroy customer trust, and worse.

The significant problem that keeps organizations from being able to protect their brand, customers, and employees, is scaling detection and remediation across the massive volume of data on the web. Companies try and keep up by hiring more security analysts and bringing on point solutions, however, they quickly find that they can't hire enough people or they're left combing through haystacks of false positives.

Businesses need a platform that detects, analyses, and takes down fraudulent sites and content across the web, social media, app stores, marketplaces, and the dark web."

Patrick Harr, CEO at SlashNext, a Pleasanton, Calif.-based anti-phishing company:

"Current defenses have not been adjusted to find phishing attacks. As phishing continues to grow as a vector for ransomware attacks, zero-hour, real-time threat prevention solutions are critical to prevent these threats. The ability to block employee web traffic to phishing sites, via malicious links and other vectors, and stop a ransomware attack at the start of the kill chain, is of the greatest importance."

Hank Schless, Senior Manager, Security Solutions at Lookout, a San Francisco, Calif.-based security service edge (SSE) provider:

"Phishing is an issue that grows every quarter for both consumers and enterprise users. Attackers are primarily targeting individuals through mobile channels because of the number of ways they can get to an individual. SMS, iMessage, email, social media, third party messaging apps, gaming and even dating apps all have messaging functionality that attackers use to socially engineer targets in the context of the app they’re using.

Lookout data shows a 67% increase in average quarterly exposure rates to mobile phishing attacks between 2020 and 2021. Protecting against mobile phishing is a critical part of any modern security posture as this is the most common threat vector for credential compromise, which actors use to kick off more advanced attacks like ransomware."

Published Monday, June 13, 2022 8:43 AM by David Marshall