Report: Advanced Phishing Attacks Grew By 356 Percent in 2022

A report recently published by Perception Point, a provider of advanced threat prevention across digital channels, has identified a 356% growth in the amount of advanced phishing attacks attempted by threat actors in 2022. Overall, the total number of attacks increased by 87%, highlighting the growing threat that cyber-attacks now pose to organizations.

Perception Point’s ‘2023 Annual Report: Cybersecurity Trends & Insights‘ examines cyber threats based on intelligence gathered from the company’s Advanced Threat Prevention solutions, which intercept attacks across email, web browsers, and cloud collaboration apps.

Throughout 2022, Perception Point’s Incident Response team analyzed several unique and concerning trends which are detailed in the report. Firstly, malicious actors continue to gain widespread access to new tools and advances in Artificial Intelligence (AI) and Machine Learning (ML) which simplify and automate the process of generating attacks.

Consequently, they are increasingly able to effortlessly launch sophisticated attacks – many of which are characterized by social engineering as well as evasion techniques, such as URL redirection, which make it difficult for the victim to identify them as malicious.

The report also identified how the threat landscape is changing due to the rapid adoption of new cloud collaboration apps, cloud storage, and services for productivity and external collaboration. Threat actors have pivoted their attack toolkits, reaching beyond email and web browsers to these apps and services. While email and the browser remain the leading attack vectors, 2022 saw a 161% surge in attacks on all other channels, such as cloud storage and collaboration apps.

Phishing proved to be the most pervasive threat, accounting for 67.4% of all attacks. 2022 also saw a significant increase in Business Email Compromise (BEC) attacks, which grew by 83%. BEC attacks, in which cybercriminals impersonate legitimate businesses and leverage social engineering techniques as well as thread hijacking to obtain large sums of money or confidential data, are often difficult for traditional email security solutions to detect.

In addition, these types of attacks, which are text-based, target individual employees, who are the weakest link in an organization’s security chain – even when they are highly trained.

“As the global threat landscape continues to evolve, we are sharing vital data that portrays the meteoric rise in the number of attacks, combined with increasingly sophisticated attack techniques that are designed to breach and damage organizations,” said Yoram Salinger, CEO of Perception Point. “This report clarifies the need for organizations to be vigilant in protecting their people from modern threats across the multiple business and collaboration channels, augmenting or replacing traditional security systems with effective prevention and rapid remediation services when required.”

Some additional findings include:

  • A 363% rise in phone scam attacks over 2022. In these attacks, attackers pose as legitimate companies and leverage social engineering techniques to invoke the user to call various support phone numbers. When the targets call, they are prompted by “helpful support teams” to provide personal information.
  • Microsoft was the brand most impersonated in malicious email, 3.3x more than the next most impersonated brand, LinkedIn.
  • Advanced attacks, which are complex, sophisticated, and can cause the greatest damage to the organization, made up 2% of all threats, but this proportion rose significantly when analyzing particular channels. Advanced attacks constituted 31.9% of the total on file storage tools, and some 56.9% on Amazon S3 buckets.

The full report can be viewed here.

Featured

  • It's Show Time

    I am one of those people that likes to see things get bigger and better. As advertised, ISC West is going to be bigger (more exhibitors) and better (more attendees). It’s show time in Las Vegas. Read Now

    • Industry Events
    • ISC West
  • SIA Releases New Report on Operational Security Technology

    The Security Industry Association (SIA) has released an impactful new resource – Operational Security Technology: Principles, Challenges and Achieving Mission-Critical Outcomes Leveraging OST. Read Now

  • Cyber Overconfidence Is Leaving Your Organization Vulnerable

    The increased sophistication of cyber threats pumped by the relentless use of AI and machine learning brings forth record-breaking statistics. Cyberattacks grew 44% YoY in 2024, with a weekly average of 1,673 cyberattacks per organization. While organizations up their security game to help thwart these attacks, a critical question remains: Can employees identify a threat when they come across one? A Confidence Gap survey reveals that 86% of employees feel confident in their ability to identify phishing attempts. But things are not as rosy as they appear; the more significant part of the report finds this confidence misplaced. Read Now

  • Mission 500 Debuts Refreshed Identity Ahead of Security 5K/2K at ISC West

    Mission 500, the security industry’s nonprofit charity dedicated to supporting children in need across the US, Canada, and Puerto Rico, has unveiled a refreshed brand identity ahead of ISC West. The charity’s new look includes a modernized logo with refined messaging to reinforce Mission 500’s nearly decade-long commitment to serving the needs of children and families in crisis. Read Now

    • Industry Events

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.