New times demand new techniques. And if not tell the hackers who have started trying new ways to steal information, access private accounts or impersonate secure websites. This is how 2022 is going in terms of cybersecurity.
The number of phishing attacks around the world skyrocketed 29% last year as hackers managed to get around strong security measures of companies with new methods, according to security professionals.
Cybercriminals have adapted to multi-factor authentication (MFA), employee security training, and security controls, expanding who and where they attack.
While The United States continues to be the country with the most phishing attemptsothers are seeing faster growth in the number of incidents, exploiting new vectors like SMS, and lowering the barrier to entry to launch attacks through preconfigured tools.
“As organizations continue to improve their defenses to combat phishing attacks, those responsible for those threats are also evolving their tools, tactics and procedures.” explains Deepen Desai, responsible for the security study.
ThreatLabz’s report released Wednesday stems from a year’s worth of phishing data pulled from the Zscaler cloud. ThreatLabz analyzed data from more than 200 billion daily transactions and 150 million daily attacks blocked.
Microsoft, Telegram, Amazon, OneDrive and PayPal were the top brands used in phishing scamsand the retail and wholesale sectors recorded an increase of 436% over last year.
Phishing as a Service (PhaaS), like Ransomware as a Service and other similar malware, It can not only speed up the number of phishing attempts, but also makes it easier for hackers with less technical knowledge carrying out sophisticated impersonation campaigns.
Beware of Windows ToolBox, it supposedly installs Google Play in Windows 11 but it is dangerous malware
The main methods of PhaaS are phishing kits (essentially bundles with everything a threat actor needs) and open source phishing frameworkswhich can be found on code sharing forums and offer a number of features to execute specific attack functions or automate the entire process.
phishing kits, for example, they make launching attacks easier and harder to detect by the security teams.
For its part, using open source templates eliminates many of the typos, bad grammar, and unsigned certificates that security professionals often rely on to identify phishing scams.
How to detect the dangerous phishing related to Income 2020/21 denounced by the Civil Guard
Hackers are also evolving delivery vectors and techniques, such as SMiShing, which uses SMS text messages on mobile devices instead of traditional email as an entry point to engage targets.
This exists since 2006but its use is skyrocketing, with a growth of 700% in the first six months of 2021, compared to last year according to ThreatLabz researchers.
In these messages, criminals pose as business executives, high-profile brands, banking or mobile service providers, and contest organizers to lure victims into clicking phishing links.
George is Digismak’s reported cum editor with 13 years of experience in Journalism