Phishing attacks increase 61 percent over last year

A new report analyzing billions of link-based URLs, attachments and natural language messages in email, mobile and browser channels over six months in 2022, finds more than 255 million phishing attacks -- a 61 percent increase compared to 2021.

The study from messaging security company SlashNext shows earlier security strategies, including secure email gateways, firewalls, and proxy servers are no longer stopping threats, as bad actors increasingly launch these attacks from trusted services and business and personal messaging apps.

"With today's transition to hybrid working, phishing attacks are becoming more prevalent than ever," says Patrick Harr, CEO of SlashNext. "Mobile phishing and credential harvesting are exploding and affecting business reputations, finances and most importantly, data loss. With new methods of phishing attacks appearing year over year, enterprises need more robust phishing protection to better protect this expanding attack surface and companies’ most valuable assets."

SlashNext recorded a 50 percent increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads. There has also been an 80 percent increase in threats from trusted services such as Microsoft, Amazon Web Services or Google, with nearly a third (32 percent) of all threats now being hosted on trusted services.

In addition 54 percent of all threats detected in 2022 were zero-hour threats, showing how hackers are shifting tactics in real-time to improve their success rate. 76 percent of threats were targeted spear-phishing credential harvesting attacks, with the top three attack sectors being healthcare, professional and scientific services, and IT.

"As the phishing landscape continues to expand, cybercriminals are becoming more calculated in their attacks, using automation and AI techniques," adds Harr. "How people work today has increased users' exposure to cyberattacks, adding to the threats organizations already face. The bad guys know most email has at least some protections in place, and have therefore been turning their attention to alternative forms of messaging including texting, Slack, WhatsApp and more. This trend, combined with the fact that employees increasingly use the same devices for both work and personal purposes, has accelerated phishing across multiple channels."

The full report is available from the SlashNext site.

Image credit: weerapat/depositphotos.com