Bad Actors Are Targeting Hybrid Workers and Personal Messaging Apps, with One-Third of Threats Now Hosted on Trusted Services such as Microsoft, Google, and AWS
PLEASANTON, Calif. – October 26 – SlashNext, the leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile today released the SlashNext State of Phishing Report for 2022. SlashNext analyzed billions of link-based URLs, attachments and natural language messages in email, mobile and browser channels over six months in 2022, and found more than 255 million attacks – a 61% increase in the rate of phishing attacks compared to 2021. The findings highlight that previous security strategies, including secure email gateways, firewalls, and proxy servers are no longer stopping threats, especially as bad actors increasingly launch these attacks from trusted services and business and personal messaging apps.
“With today’s transition to hybrid working, phishing attacks are becoming more prevalent than ever,” said Patrick Harr, CEO, SlashNext. “Mobile phishing and credential harvesting are exploding and affecting business reputations, finances and most importantly, data loss. With new methods of phishing attacks appearing year over year, enterprises need more robust phishing protection to better protect this expanding attack surface and companies’ most valuable assets.”
Key findings of the report include:
- Cybercriminals are moving their attacks to mobile and personal communication channels to reach employees. SlashNext recorded a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads.
- In 2022, SlashNext detected an 80% increase in threats from trusted services such as Microsoft, Amazon Web Services or Google, with nearly one-third (32%) of all threats now being hosted on trusted services.
- 54% of all threats detected by SlashNext in 2022 were zero-hour threats, showing how hackers are shifting tactics in real-time to improve success
- 76% of threats were targeted spear-phishing credential harvesting attacks
- Top 3 attack sectors are healthcare, Professional and Scientific Services and Information Technology
“As the phishing landscape continues to expand, cybercriminals are becoming more calculated in their attacks, using automation and AI techniques,” continued Harr. “How people work today has increased users’ exposure to cyberattacks, adding to the threats organizations already face. The bad guys know most email has at least some protections in place, and have therefore been turning their attention to alternative forms of messaging including texting, Slack, WhatsApp and more. This trend, combined with the fact that employees increasingly use the same devices for both work and personal purposes, has accelerated phishing across multiple channels.”
Current security tools and processes like security awareness training, reputation-based and relationship graph technologies cannot keep pace with many of these new attack trends. Organizations must move from traditional security practices and last-generation tools to a modern security strategy including robust AI phishing controls that addresses all variations of phishing attacks and provides a broad range of protections.
The full report is available at this link: https://www.slashnext.com/the-state-of-phishing-2022/
To join the discussion, attend The State of Phishing Webinar on November 17th at 11:00 AM PT Register here: https://www.slashnext.com/the-state-of-phishing-webinar
SlashNext protects the modern workforce from malicious messages across all digital channels. SlashNext Complete™ integrated cloud messaging security platform utilizes patented AI technology with 99.9% accuracy to detect threats in real-time to stop zero-hour threats in email, mobile and web Messaging Apps across M365, Gmail, LinkedIn, What’sApp, Telegram, Slack, Teams and others messaging channels. Take advantage of SlashNext’s Integrated Cloud Messaging Security for email, browser, and mobile to protect your organization from data theft and financial fraud breaches today.
Lumina Communications for SlashNext