“Year-over-year, we continue to see an increase in the number of phishing attacks which are becoming more sophisticated in nature.”
With this statement, Deepen Desai, Global CISO and Head of Security at Zscaler, responds to new research data. Zscaler analyzed phishing data from its security cloud to identify current trends and emerging tactics. Alarmingly, the number of phishing attacks worldwide increased by nearly 50 percent from 2021.
“Phishing remains one of the most prevalent threat vectors cybercriminals utilize to breach global organizations,” Desai said. “Threat actors are leveraging phishing kits & AI tools to launch highly effective e-mail, SMiShing, and Vishing campaigns at scale. AitM attacks supported by growth in Phishing-as-a-Service have allowed attackers to bypass traditional security models, including multi-factor authentication.”
In particular, Zscaler highlights the emergence of the large language model ChatGPT. Such a new tool makes it easier to create malicious code, generate Business Email Compromise attacks and develop malware. Other security companies also warn that ChatGPT is being used as an accomplice in cybercrime.
Zscaler also sees phishing pages increasingly hosted on IPFS, a peer-to-peer file system that lets users store and share files from a decentralized network of computers. This decentralized design makes it more difficult to remove a phishing page hosted on IPFS.
In addition to the increasing use of AI to mount attacks, Zscaler recently discovered a large campaign based on Adversary-in-the-Middle attacks. Such attacks use techniques that can bypass multi-factor authentication.
Phishing in education
When looking a bit more closely at industries that are heavily affected by phishing, education stands out in particular. This industry experienced the largest increase (576 percent) in phishing attempts in 2022. This brings education from eighth place to first place as a target. Zscaler suspects that the application process for paying off student debt plays a major role in the increase.
The financial, insurance, government and healthcare industries complete the top five. These industries had almost 31 million attempts in 2021, while last year they reached 114 million attempts.