© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Retail and wholesale saw over 400% increase in phishing attacks

Phishing attacks rose 29% globally last year. Retail and wholesale were the most targeted industries, with a 436% increase in phishing attacks.

Cloud security company Zscaler observed 874 million phishing attacks over the last 12 months. Rising phishing activity is linked to phishing-as-a-service options, which reduce technical barriers for criminals.

Overall, phishing attacks rose by 29%, with retail and wholesale companies bearing the brunt of the increase. They saw a massive 436% leap in phishing attacks in 2021, boosting it from the fifth-most phished industry to first, ahead of last year’s leader, manufacturing.

“Phishing attacks are impacting businesses and consumers with alarming frequency, complexity, and scope - with the rise in phishing-as-a-service making it easier than ever for non-sophisticated actors to launch successful attacks,” Deepen Desai, CISO and VP of Security Research and Operations at Zscaler, is quoted in a press release.

According to the company, criminals capitalized on the pandemic-fueled rise in consumer spending on goods, driving the increase in attacks against these industries.

Criminals continue to escalate phishing as a starting point to breach organizations and deliver ransomware or steal sensitive information.

In 2021, the US accounted for over 60% of all phishing attacks detected and blocked by the Zscaler security cloud. It has been the most targeted country for years. Several other nations have recently seen a steep rise in phishing, including an 829% increase in Singapore, a 799% increase in Russia, a 342% increase in France, and a 331% increase in the United Kingdom.

Several industries experienced partial relief from phishing in 2021. For example, the rate of phishing against healthcare fell by 59%. The technology sector saw a 15% decrease in phishing attacks. However, Zscaler said that the overall rate of encrypted attacks against tech companies rose by over 20x – highlighting the growth in malware, exploits, and other non-phishing attack types against those companies.

Criminals frequently impersonate popular brands to scam consumers. Last year, Microsoft was the most impersonated brand, accounting for more than 31% of attacks.

Threat actors also exploited illegal streaming sites (13,6% of phishing scams), with spikes during such events as the Tokyo Olympics. COVID-themed attacks accounted for another 7,2% of phishing scams.

“To defend against advanced phishing attacks, organizations must leverage a multi-pronged defensive strategy anchored on a cloud-native zero trust platform that unifies full SSL inspection with AI/ML-powered detection to stop the most sophisticated phishing attempts and phishing kits, lateral movement prevention, and integrated deception to limit the blast radius of a compromised user, proactive controls to block high-risk destinations such as newly registered domains that are often abused by threat actors, and in-line DLP to safeguard against data theft,” Desai said.

More from Cybernews:

A day in the life of a Ukraine cyber soldier

Top company bosses are being headhunted – by threat actors

British retailer Funky Pigeon suspends digital orders following a “cyber incident”

China cyber spies fewer but more focused, says study

The US vows to stop satellite-destroying tests

The US warns North Korean hackers focus on blockchain firms

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked