
Zscaler observed nearly 880 million phishing attacks in 2021. The number of attempts rose by 29 percent worldwide.

Zscaler develops a security platform for business networks and endpoints. The platform monitors more than 40 billion data transactions per day. Suspicious traffic is intercepted and interpreted. This gives Zscaler a wealth of threat information, which is incorporated into annual reports, including the ThreatLabz Phishing Report. This year’s edition sheds light on phishers’ attack methods and targets.

The number of attacks worldwide rose by 29 percent to 873.9 million. The Netherlands was one of the most affected countries, along with the United States, Germany, Singapore and the United Kingdom. The number of successful attacks dropped significantly in some countries. Awareness is rising.

Most attackers targeted retailers and wholesalers. Attacks on these sectors increased by more than 400 percent. Healthcare saw a notable decrease of 59 percent.

In addition, more and more cybercriminals are moving away from e-mail phishing. As end users become warier of suspicious emails, SMS phishing increases. Finally, Zscaler saw an increase in phishing-as-a-service solutions, wherein cybercriminals lower the entry threshold by providing a set of prebuilt tools as a service.

The figures are consistent with recent reports from the FBI and IBM. According to the FBI Internet Crime Complaint Center, phishing attempts are the most commonly reported attack type. IBM uses billions of data points to track cybercrime, and recently stated that half of all cyberattacks in 2021 were enabled by phishing.

Phishing-as-a-service

Zscaler highlights the rise of phishing-as-a-service. “It’s becoming increasingly accessible to non-technical cybercriminals”, shares a spokesperson. “Cybercriminals are selling prebuilt phishing tools and attack frameworks on the dark web.”

“It’s easier than ever to carry out successful attacks”, adds Deepen Desai, CISO and VP of Security Research and Operations at Zscaler. “Companies need to consider SSL inspection, AI detection and a multi-faceted strategy to defend themselves.”
