Report: Advanced Phishing Attacks Grew By 356 Percent in 2022

A report recently published by Perception Point, a provider of advanced threat prevention across digital channels, has identified a 356% growth in the amount of advanced phishing attacks attempted by threat actors in 2022. Overall, the total number of attacks increased by 87%, highlighting the growing threat that cyber-attacks now pose to organizations.

Perception Point’s ‘2023 Annual Report: Cybersecurity Trends & Insights‘ examines cyber threats based on intelligence gathered from the company’s Advanced Threat Prevention solutions, which intercept attacks across email, web browsers, and cloud collaboration apps.

Throughout 2022, Perception Point’s Incident Response team analyzed several unique and concerning trends which are detailed in the report. Firstly, malicious actors continue to gain widespread access to new tools and advances in Artificial Intelligence (AI) and Machine Learning (ML) which simplify and automate the process of generating attacks.

Consequently, they are increasingly able to effortlessly launch sophisticated attacks – many of which are characterized by social engineering as well as evasion techniques, such as URL redirection, which make it difficult for the victim to identify them as malicious.

The report also identified how the threat landscape is changing due to the rapid adoption of new cloud collaboration apps, cloud storage, and services for productivity and external collaboration. Threat actors have pivoted their attack toolkits, reaching beyond email and web browsers to these apps and services. While email and the browser remain the leading attack vectors, 2022 saw a 161% surge in attacks on all other channels, such as cloud storage and collaboration apps.

Phishing proved to be the most pervasive threat, accounting for 67.4% of all attacks. 2022 also saw a significant increase in Business Email Compromise (BEC) attacks, which grew by 83%. BEC attacks, in which cybercriminals impersonate legitimate businesses and leverage social engineering techniques as well as thread hijacking to obtain large sums of money or confidential data, are often difficult for traditional email security solutions to detect.

In addition, these types of attacks, which are text-based, target individual employees, who are the weakest link in an organization’s security chain – even when they are highly trained.

“As the global threat landscape continues to evolve, we are sharing vital data that portrays the meteoric rise in the number of attacks, combined with increasingly sophisticated attack techniques that are designed to breach and damage organizations,” said Yoram Salinger, CEO of Perception Point. “This report clarifies the need for organizations to be vigilant in protecting their people from modern threats across the multiple business and collaboration channels, augmenting or replacing traditional security systems with effective prevention and rapid remediation services when required.”

Some additional findings include:

  • A 363% rise in phone scam attacks over 2022. In these attacks, attackers pose as legitimate companies and leverage social engineering techniques to invoke the user to call various support phone numbers. When the targets call, they are prompted by “helpful support teams” to provide personal information.
  • Microsoft was the brand most impersonated in malicious email, 3.3x more than the next most impersonated brand, LinkedIn.
  • Advanced attacks, which are complex, sophisticated, and can cause the greatest damage to the organization, made up 2% of all threats, but this proportion rose significantly when analyzing particular channels. Advanced attacks constituted 31.9% of the total on file storage tools, and some 56.9% on Amazon S3 buckets.

The full report can be viewed here.

Featured

  • The Yellow Brick Road

    The road to and throughout Wednesday's and Thursday's ISC West was crowded but it was amazing. Read Now

    • Industry Events
    • ISC West
  • An Inside Look From Napco at ISC West

    Get a look into the excitement at ISC West 2025 from Napco. Hear from some of their top-tech executives live from the show floor. Read Now

    • Industry Events
    • ISC West
  • Upping the Ante

    I am not a betting man in terms of cards, dice, blackjack or that wheel with the black marble racing around the circumference of a spinning wheel, but I would bet on the success of ISC West this year. Read Now

    • Industry Events
    • ISC West
  • It's Show Time

    I am one of those people that likes to see things get bigger and better. As advertised, ISC West is going to be bigger (more exhibitors) and better (more attendees). It’s show time in Las Vegas. Read Now

    • Industry Events
    • ISC West
  • SIA Releases New Report on Operational Security Technology

    The Security Industry Association (SIA) has released an impactful new resource – Operational Security Technology: Principles, Challenges and Achieving Mission-Critical Outcomes Leveraging OST. Read Now

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.