Phishing on the rise, email is not the only resource for attackers

In 2021, Zscaler monitored nearly 874 million attacks. Alongside the scams sent by email, the phenomenon of smishing is growing.

Published on 27 April 2022 by Redazione

Phishing never goes out of fashion; indeed, it is growing at a rapid pace. In 2021, Zscaler's cloud security technologies detected (out of an average of 200 billion transactions monitored every day) about 873.9 million attacks in this category, a number that marks a growth of 29% compared to 2020 levels. While email remains the preferred attack vector, the last year has also seen growth in smishing, i.e. phishing campaigns via SMS, delivered directly to the victims' phones.

On a geographic basis, the attacks focused particularly on the United States (60% of total volumes), Singapore, Germany, the Netherlands and the United Kingdom. By type of victim, the retail and wholesale sectors were the most affected, with a strong increase in activity aimed at them (+400% in the space of a year), followed by the financial services sector and the Public Administration. Attacks targeting the healthcare sector, on the other hand, fell by as much as 59%, as a natural readjustment after a boom in 2020.

As for the campaign themes, the lures used to build scam attempts mainly concerned productivity tools (such as Office applications), illegal streaming sites, shopping sites, social media platforms, financial institutions and logistics services. As for how attacks are built, Zscaler highlights the rise of "phishing-as-a-Service", a phenomenon similar to that observed for other types of cyber threats, such as ransomware.

"Phishing attacks affect businesses and consumers with alarming complexity, scope and frequency given the rise in phishing-as-a-Service making it easier than ever for less experienced criminals to launch successful attacks," commented Deepen Desai, CISO and vice president of Security Research and Operations at Zscaler. "Our annual report highlights how cybercriminals continue to intensify the use of phishing as a starting point for hacking into companies and spreading ransomware or stealing sensitive data."

According to Zscaler, adopting cloud-native security technologies based on "zero trust" principles is important to defend against advanced phishing attacks. The most important technological ingredients are SSL traffic inspection capabilities and detection based on artificial intelligence or machine learning. It is also useful to carry out proactive checks to block high-risk destinations, such as newly registered domains (which cybercriminals often use and abuse), and it is advisable to adopt data loss prevention (DLP) technologies to secure data.

COMMENT: As you can read in other articles, we have an extremely effective system of protection against phishing of malicious links in emails. We are ready to study other solutions in collaboration with other companies. The new startup XEROMER was born in May with a highly selected group of partners who count on our twenty years of experience in ICT and cyber-security.