Retail and wholesale saw over 400% increase in phishing attacks
Phishing attacks rose 29% globally last year. Retail and wholesale were the most targeted industries, with a 436% increase in phishing attacks.
Cloud security company Zscaler observed 874 million phishing attacks over the last 12 months. Rising phishing activity is linked to phishing-as-a-service options, which reduce technical barriers for criminals.
Overall, phishing attacks rose by 29%, with retail and wholesale companies bearing the brunt of the increase. They saw a massive 436% leap in phishing attacks in 2021, moving the sector from the fifth-most phished industry to first, ahead of last year’s leader, manufacturing.
“Phishing attacks are impacting businesses and consumers with alarming frequency, complexity, and scope - with the rise in phishing-as-a-service making it easier than ever for non-sophisticated actors to launch successful attacks,” Deepen Desai, CISO and VP of Security Research and Operations at Zscaler, said in a press release.
According to the company, criminals capitalized on the pandemic-fueled rise in consumer spending on goods, driving the increase in attacks against these industries.
Criminals continue to escalate phishing as a starting point to breach organizations and deliver ransomware or steal sensitive information.
In 2021, the US accounted for over 60% of all phishing attacks detected and blocked by the Zscaler security cloud. It has been the most targeted country for years. Several other nations have recently seen a steep rise in phishing, including an 829% increase in Singapore, a 799% increase in Russia, a 342% increase in France, and a 331% increase in the United Kingdom.
Several industries experienced partial relief from phishing in 2021. For example, the rate of phishing against healthcare fell by 59%. The technology sector saw a 15% decrease in phishing attacks. However, Zscaler said that the overall rate of encrypted attacks against tech companies rose by over 20x – highlighting the growth in malware, exploits, and other non-phishing attack types against those companies.
Criminals frequently impersonate popular brands to scam consumers. Last year, Microsoft was the most impersonated brand, accounting for more than 31% of attacks.
Threat actors also exploited illegal streaming sites (13.6% of phishing scams), with spikes during such events as the Tokyo Olympics. COVID-themed attacks accounted for another 7.2% of phishing scams.
“To defend against advanced phishing attacks, organizations must leverage a multi-pronged defensive strategy anchored on a cloud-native zero trust platform that unifies full SSL inspection with AI/ML-powered detection to stop the most sophisticated phishing attempts and phishing kits, lateral movement prevention, and integrated deception to limit the blast radius of a compromised user, proactive controls to block high-risk destinations such as newly registered domains that are often abused by threat actors, and in-line DLP to safeguard against data theft,” Desai said.