Global Phishing Attacks Hit A New Record in 2021

Phishing rises by 29%

• A new report from Zscaler reveals that phishing attacks showed a dramatic 29% growth as a record of 873.9 million attacks were observed globally in 2021.
• A majority of these attacks used productivity tools, illegal streaming sites, shopping sites, social media platforms, financial institutions, and logistical services as a lure to target victims.
• Organizations in the retail and wholesale sectors were the most targeted entities, experiencing over a 400% increase in phishing attacks in the last 12 months.
• The U.S. was the most targeted country, accounting for 60% of all phishing attacks. The next frequently attacked countries were Singapore, Germany, the Netherlands, and the U.K.
• Researchers also noted that SMS phishing is emerging as one of the prevalent attack methods of intrusion as users become more cautious of suspicious emails.

Phishing-as a-service: A growing threat

• While phishing has long been one of the most common tactics used in cyberattacks by sophisticated threat actors, it has become more accessible to low-skilled cybercriminals due to a maturing underground marketplace for attack frameworks and services.
• In one such incident, researchers discovered thousands of MitM phishing toolkits being used in the wild to intercept 2FA security codes. These toolkits also enabled the attackers to steal authentication cookie files from computers.

BitB attack can add more trouble

• A new phishing technique, recently demonstrated by a researcher, is capable of making phishing attacks nearly invisible.
• Dubbed Browser-in-the-Browser, the technique relies on single sign-on options on websites and can enable attackers to harvest credentials from Facebook, Google, Apple, or Microsoft without users’ knowledge.

The bottom line