Hook, Line, and Sinker: Phishing Landscape in 2022

Some stats your way

• Phishing emails witnessed a 569% surge and credential phishing attacks accounted for an increase of 478%.
• The use of malware in these attacks increased by 44%, with Emotet and Qakbot being the top malware families. 
• The use of Web3 technologies in phishing campaigns went up by 341%, while the use of Telegram bots for exfiltration saw an 800% rise. 
• Another report by Open Text Cybersecurity, noted a 56% increase in HTTPS phishing sites. 
• Moreover, the total volume of scam URLs increased by 30% between 2021 and 2022.

Latest phishing trends

• ChatGPT scams - Owing to its massive popularity, ChatGPT has gained huge attention from attackers. In February, attackers were found using typosquatting domains for phishing attacks. These dupe websites impersonated the official ChatGPT website and tricked the users into downloading Aurora Stealer and Lumma Stealer, among other malware.
• Promoting phishing kits - Such kits have gained quite some popularity in the underground, as they allow low-skilled threat actors to conduct attacks without much effort. In one such instance, the DEV-1101 threat actor was found promoting its AiTM phishing kit that boasted quite a lot of functionalities. 
• SVB crisis - While talking about trends, the first one that comes to mind is the wave of BEC attacks right after the SVB crisis. It is to be noted that BEC attacks, for the eighth consecutive year, accounted for one of the top cybercrimes that resulted in financial losses. 

Stay calm and defend