Phishing attacks exploded during the COVID-19 pandemic - and show no signs of slowing down. We sat down with Patrick Harr, CEO of SlashNext, to discuss the company's recent State of Phishing Report as well as how organizations can combat the threat of phishing.
What was most surprising about this report's findings?
The SlashNext State of Phishing Report for 2022 analyzed billions of link-based URLs, attachments and natural language messages in email, mobile and browser channels over six months in 2022, and compared results against our 2021 State of Phishing Report. Not surprisingly, we observed a 61% increase in the rate of phishing attacks, which equates to 255 million attacks in just six months.
However, what is surprising is how quickly attackers are evolving their methods to exploit remote work and corporate BYOD policies, meeting targets exactly where they are using digital devices for both work and personal purposes. For example, SlashNext recorded a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads. We also detected an 80% increase in threats from trusted services such as Microsoft, Amazon Web Services and Google – nearly one-third of all threats are now embedded/hosted on these types of trusted services.
How do these findings align with the top security challenges organizations are facing?
Cybercriminals know that email today has at least some protections in place, and they also know that the use of personal mobile devices continues to be a trend. Therefore, it’s no surprise that we’re seeing an increase in the number of attacks launched via mobile devices and other communication channels. People are the most vulnerable part of any organization when it comes to phishing, scams and fraud, and phishing continues to be the most effective and far-ranging tool to perpetrate cybersecurity breaches including ransomware and data theft. The SlashNext State of Phishing Report found that 76% of attacks identified in 2022 were credential harvesting, which is the number one cause of breaches. The headline-grabbing breaches of Twilio, Cisco and Uber all started with credential theft.
What is the danger of zero-hour threats?
Zero-hour threats are designed to make the biggest impact and wreak the most havoc before security controls detect and block them. 54% of all threats detected by SlashNext in 2022 were zero-hour threats, a 48% increase since our 2021 report. This massive increase in a relatively short timespan illustrates how bad actors are modifying their tactics in real time to improve their success rate.
These threats come from link-based attacks, malicious attachments, and natural language threats, and are highly personalized to the victim. Yet at the same time, the amount of effort it takes cybercriminals to launch these personalized attacks is decreasing dramatically thanks to their use of automation and machine learning. Cybercriminals can send thousands of targeted spear phishing attacks using automation and machine learning to match data to build detailed lists of targets, creating highly unique and customized attacks. This tactic enables the threat to bypass many threat detection engines for hours and sometimes days, giving the bad guys a big head start.
What can organizations and employees do to combat these threats?
To combat the evolving tactics bad actors are employing to launch more and more phishing attacks, enterprise security controls should include AI-based technology that preemptively hunts threats and includes the ability to scan for threats in real time. Offering cybersecurity training to employees should always be part of the equation, but training alone cannot stop the speed, scale, and sophistication of zero-hour threats. Without this technology, users and organizations are at great risk of suffering a breach. Once a user’s credentials are compromised, the threat is further mobilized and can be catastrophic to the enterprise, leading to the loss of critical business, customer or IP data, decreased shareholder value, lawsuits, financial payouts, and more. Companies need a platform that can provide zero-hour protection across email, mobile, and web messaging apps including Outlook, Gmail, LinkedIn, WhatsApp, Telegram, Slack, Microsoft Teams and others – everywhere employees are communicating today, be it for personal or work reasons.