SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
New research finds alarming jump in phishing attacks
Thu, 11th Nov 2021
FYI, this story is more than a year old

There has been an alarming jump in phishing attacks, according to a new report from digital risk protection solutions firm PhishLabs.

The Quarterly Threat Trends and Intelligence Report from PhishLabs shows phishing remains the dominant attack vector for bad actors, growing 31.5 per cent over 2020.

The report highlights alarming advances in the scale and sophistication of phishing attacks perpetrated by the adversary against organisations.

Notably, attacks in September 2021 were more than twice as high as the previous year, according to the report.

Phishing was the most common type of cybercrime in 2020 and phishing incidents nearly doubled in frequency, from 114,702 incidents in 2019, to 241,324 incidents in the following year. The FBI said there were more than 11 times as many phishing complaints in 2020 compared to 2016.

“While we saw a drop early this summer in phishing volume, threat actors didn't take the whole summer off," says John LaCour, founder and chief executive officer of PhishLabs.

"Attacks have been on the rise since July and surged in September. If these trends continue, many IT security teams will find themselves dealing with a deluge of threats over the holidays,” he says.

Additional key findings of the PhishLabs Quarterly Threat Trends and Intelligence Report include:

Social Media Attacks Skyrocket in 2021
Since January, the average number of Social Media attacks per target climbed steadily, up 82 per cent year-to-date.

Vishing is Increasing
Vishing incidents more than doubled in number for the second consecutive quarter, suggesting a shift in tactics as threat actors seek to evade email security controls.

O365 Users Beware
In the third quarter, 51.6 per cent of credential theft phishing attacks reported by corporate users targeted O365 logins.

PII Grows on the Dark Web, Leveraging Chat Services
The sale of Personally Identifiable Information accounted for 12 per cent of dark web threats and was primarily made up of threat actors marketing employee email addresses to black market buyers. In 56 per cent of PII sales, chat-based services were used to market the data.

“The continued climb in social media threats makes it imperative that businesses prioritise visibility across platforms such as Twitter, Facebook, Instagram, and more," says LaCour.

"As seasonal hiring ramps up for the holidays, the staffing industry in particular needs to be prepared to deal with online impersonation and other scams,” he says.

PhishLabs analysed and mitigated hundreds of thousands of attacks targeting enterprise brands and employees in the third quarter of 2021. The report uses this intelligence to determine key trends shaping the threat landscape.

PhishLabs by HelpSystems is a cyber threat intelligence company that delivers Digital Risk Protection through curated threat intelligence and complete mitigation. PhishLabs provides brand impersonation, account takeover, data leakage and social media threat protection in one solution.