Page 99 - Cyber Defense eMagazine December 2022 Edition
months in 2022. The in-depth analysis identified more than 255 million phishing attacks in 2022, or a
jaw-dropping 61% increase over 2021.
In addition, the detailed analysis revealed a 50 percent increase in attacks on mobile devices, with scams
and credential thefts topping the list of payloads. This disturbing growth trend seems to highlight that prior
security strategies – including secure email gateways, firewalls, and proxy servers – are no longer
adequate to prevent the latest phishing threats.
At this point, the cybercriminals know that most email systems have at least some phishing protections
in place. They also know that more employees are using their personal mobile devices for work purposes.
This transition has greatly increased the number of attacks targeting mobile devices and other
communication channels.
Even more alarming, the bad guys have updated their strategies to launch more phishing attacks from
trusted services and messaging apps. In fact, the threats from trusted services such as Microsoft,
Amazon Web Services, and Google are up 80% this year, with nearly one-third of all threats (32%) now
being hosted on such trusted services.
For many businesses, this increase in mobile phishing and credential harvesting has incurred costly data
losses, harmed brand reputations, and hurt the bottom line. And as the phishing landscape continues to
evolve and expand, the cybercriminals have become even more sophisticated in their use of software
automation and AI technologies to launch zero-day threats.
Such zero-day threats are designed to make the biggest impact and wreak the most havoc before security
controls can detect and block them. In turn, more than half of all threats now detected (54%) are defined
as zero-day threats, marking a 48% rise over the prior year. This uptick reveals how the hackers have
shifted to more real-time technologies to improve their success rates.
The Easiest Phishing Targets Are Distracted Employees
Fallible people continue to be the most vulnerable attack surface for phishing breaches. The attackers
have adjusted their fraudulent methods to meet targets wherever they use digital devices for both work
and personal purposes. One of the most damaging problems involves credential harvesting from an
unwitting employee’s personal account on a mobile device.
Such threats can be launched through link-based attacks, malicious attachments, or natural language
conversations that are highly personalized to trick the victim. Someone posing as an internal IT technician
can catch a distracted employee off-guard with an urgent request for logins to perform troubleshooting,
and that may be all it takes to breach the entire system.
Yet the crooks require less time and effort to launch such personalized attacks today, due to the growing
use of automation and machine learning. Cybercriminals can now send out thousands of targeted
spear-phishing attacks to detailed lists of targets, creating highly unique and customized lures. This technique
enables the bait to bypass many threat detection engines for hours and sometimes even days, giving the
attackers a huge advantage.
Providing cybersecurity training to employees should always be part of the solution, but training alone
cannot stop the speed, scale, and sophistication of never-before-seen zero-day attacks. Furthermore, many