Highlights –

  • Over the course of six months in 2022, SlashNext examined more than a billion links, malicious attachments, and natural language threats detected in email, mobile, and browser channels.
  • The report discovered that the most common method of breaching, credential harvesting, accounted for 76% of the attacks discovered in 2022.

According to SlashNext’s (a leader in SaaS-based Integrated Cloud Messaging Security) most recent State of Phishing study, there’s been an 80% increase in phishing threats coming from accounts on reputable providers like Microsoft, Amazon Web Services, or Google. It noted that almost a third (32%) of all threats are now hosted on trusted services.

The report also discovered that there were more than 255 million attacks in 2022, a 61% rise in phishing attacks from 2021.

The results show that older security measures, such as firewalls, secure email gateways, and proxy servers, are no longer effective in preventing assaults, particularly as malicious actors increasingly start attacks from trusted services and commercial and personal messaging apps.

The data for the report is drawn from a sample of threats identified by SlashNext security products. Over the course of six months in 2022, SlashNext examined more than a billion links, malicious attachments, and natural language threats detected in email, mobile, and browser channels. The statistics show a sharp rise in phishing scams, as well as a new surface of tactics as hybrid work and the usage of personal mobile devices for work, continue to be popular trends.

Important insights from the report

The report discovered that the most common method of breaching, credential harvesting, accounted for 76% of the attacks discovered in 2022. Additionally, 54% of threats discovered by SlashNext in 2022 were zero-hour attacks, a 48% increase over the end of 2021 in terms of zero-hour threats.

Cybercriminals are shifting their attacks to personal and mobile communication channels to target employees. Attacks on mobile devices increased by 50%, according to SlashNext, with frauds and credential theft topping the list of payloads.

According to SlashNext’s research findings, enterprises must switch from outdated security procedures and last-generation tools to a modern security strategy that includes strong Artificial Intelligence (AI) phishing controls that cover a broad spectrum of threats and address the varied types of phishing attacks.

Healthcare, Professional and scientific services, and Information Technology are the top three attack sectors.

Experts’ Talk

Patrick Harr, CEO, SlashNext, said, “With today’s transition to hybrid working, phishing attacks are becoming more prevalent than ever. Mobile phishing and credential harvesting are exploding and affecting business reputations, finances, and, most importantly, data loss. With new methods of phishing attacks appearing year over year, enterprises need more robust phishing protection to protect better this expanding attack surface and companies’ most valuable assets.”

Harr continued, “As the phishing landscape continues to expand, cybercriminals are becoming more calculated in their attacks, using automation and AI techniques. How people work today has increased users’ exposure to cyberattacks, adding to the threats organizations already face. The bad guys know most email has at least some protections in place and have therefore been turning their attention to alternative forms of messaging, including texting, Slack, WhatsApp, and more. This trend, combined with the fact that employees increasingly use the same devices for both work and personal purposes, has accelerated phishing across multiple channels.”