SlashNext, a SaaS-based integrated cloud messaging security, has released the SlashNext State of Phishing Report for 2022. SlashNext analyzed billions of link-based URLs, attachments and natural language messages in email, mobile and browser channels over six months in 2022, and found more than 255 million attacks – a 61% increase in the rate of phishing attacks compared to 2021.
The findings highlight that previous security strategies, including secure email gateways, firewalls, and proxy servers are no longer stopping threats, especially as bad actors increasingly launch these attacks from trusted serves and business and personal messaging apps.
Cybercriminals are moving their attacks to mobile and personal communication channels to reach employees. SlashNext recorded a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads.
In 2022, SlashNext detected an 80% increase in threats from trusted services such as Microsoft, Amazon Web Services or Google, with nearly one-third (32%) of all threats now being hosted on trusted services.
The report said that 54% of all threats detected by SlashNext in 2022 were zero-hour threats, showing how hackers are shifting tactics in real-time to improve success. It added that 76% of threats were targeted spear-phishing credential harvesting attacks. Top 3 attack sectors are Healthcare, Professional and Scientific Services, and Information Technology.
Current security tools and processes like security awareness training, reputation-based and relationship graph technologies cannot keep pace with many of these new attack trends. Organizations must move from traditional security practices and last-generation tools to a modern security strategy including robust AI phishing controls that addresses all variations of phishing attacks and provides a broad range of protections.