Report: Advanced Phishing Attacks Grew By 356 Percent in 2022

A report recently published by Perception Point, a provider of advanced threat prevention across digital channels, has identified a 356% growth in the amount of advanced phishing attacks attempted by threat actors in 2022. Overall, the total number of attacks increased by 87%, highlighting the growing threat that cyber-attacks now pose to organizations.

Perception Point’s ‘2023 Annual Report: Cybersecurity Trends & Insights‘ examines cyber threats based on intelligence gathered from the company’s Advanced Threat Prevention solutions, which intercept attacks across email, web browsers, and cloud collaboration apps.

Throughout 2022, Perception Point’s Incident Response team analyzed several unique and concerning trends which are detailed in the report. Firstly, malicious actors continue to gain widespread access to new tools and advances in Artificial Intelligence (AI) and Machine Learning (ML) which simplify and automate the process of generating attacks.

Consequently, they are increasingly able to effortlessly launch sophisticated attacks – many of which are characterized by social engineering as well as evasion techniques, such as URL redirection, which make it difficult for the victim to identify them as malicious.

The report also identified how the threat landscape is changing due to the rapid adoption of new cloud collaboration apps, cloud storage, and services for productivity and external collaboration. Threat actors have pivoted their attack toolkits, reaching beyond email and web browsers to these apps and services. While email and the browser remain the leading attack vectors, 2022 saw a 161% surge in attacks on all other channels, such as cloud storage and collaboration apps.

Phishing proved to be the most pervasive threat, accounting for 67.4% of all attacks. 2022 also saw a significant increase in Business Email Compromise (BEC) attacks, which grew by 83%. BEC attacks, in which cybercriminals impersonate legitimate businesses and leverage social engineering techniques as well as thread hijacking to obtain large sums of money or confidential data, are often difficult for traditional email security solutions to detect.

In addition, these types of attacks, which are text-based, target individual employees, who are the weakest link in an organization’s security chain – even when they are highly trained.

“As the global threat landscape continues to evolve, we are sharing vital data that portrays the meteoric rise in the number of attacks, combined with increasingly sophisticated attack techniques that are designed to breach and damage organizations,” said Yoram Salinger, CEO of Perception Point. “This report clarifies the need for organizations to be vigilant in protecting their people from modern threats across the multiple business and collaboration channels, augmenting or replacing traditional security systems with effective prevention and rapid remediation services when required.”

Some additional findings include:

  • A 363% rise in phone scam attacks over 2022. In these attacks, attackers pose as legitimate companies and leverage social engineering techniques to invoke the user to call various support phone numbers. When the targets call, they are prompted by “helpful support teams” to provide personal information.
  • Microsoft was the brand most impersonated in malicious email, 3.3x more than the next most impersonated brand, LinkedIn.
  • Advanced attacks, which are complex, sophisticated, and can cause the greatest damage to the organization, made up 2% of all threats, but this proportion rose significantly when analyzing particular channels. Advanced attacks constituted 31.9% of the total on file storage tools, and some 56.9% on Amazon S3 buckets.

The full report can be viewed here.

Featured

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

  • DHS to End ‘Shoes-Off’ Travel Policy

    Homeland Security Secretary Kristi Noem announced a new policy today which will allow passengers traveling through domestic airports to keep their shoes on while passing through security screening at TSA checkpoints. Read Now

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.