An analysis of by the cybersecurity firm Perception Point shows there was a major increase in advanced phishing attacks in 2022, which increased by 356% from 2021. Phishing accounted for 67.4% of cyberattacks in 2022, and there was an 83% increase in business email compromise (BEC) attacks. In total, cyberattacks increased by 87% from the previous year. While BEC attacks only account for a small percentage of attacks, the losses to these scams can be considerable and people are tricked into making very large bank transfers. Targets are typically extensively researched and the attackers often impersonate trusted vendors and trick victims into changing the bank account information for upcoming payments.
Advanced phishing attacks use malicious links in emails or websites to execute malicious payloads. These attacks typically use obfuscation techniques to evade detection and URL redirection to make it harder for users to identify the malicious websites. The websites to which users are directed spoof legitimate websites and cloaking is often used to hide the malicious content. The methods used in these advanced attacks allow threat actors to evade most email security solutions. Advanced phishing attacks commonly seek credentials. Microsoft was the most commonly impersonated brand in email attacks by some distance – 3.3x more attacks impersonated Microsoft than the second most impersonated brand, which was LinkedIn. In 2022, it became increasingly common for threat actors to use password-protected malware to prevent email security solutions from scanning files. This was particularly common in file-encryption malware (ransomware). There were two major spikes in attacks involving password-protected malware, with most of the attacks occurring in March and October.
While advanced attacks only accounted for 2% of all cyberattacks, they have the potential to cause massive damage and are complex, sophisticated, and difficult to mitigate. Advanced attacks were most common on Amazon S3 buckets, where 56.9% of attacks were categorized as advanced, and advanced attacks accounted for 31.9% of attacks on file storage tools. The researchers also identified a massive increase in phone scams in 2022, which increased by 363% from the previous year. Phone scams involve social engineering and targeted messaging, and trick people into making calls where they are convinced to disclose sensitive information such as financial information. These attacks typically start with an email that appears to have been sent by a legitimate company. The emails often include a receipt for an upcoming charge, that the user needs to call to prevent. These attacks seek sensitive information, although some scams attempt to get the user to download malicious files that provide the attacker with remote access to their computer.
The findings were published in the 2023 Annual Report: Cybersecurity Trends and Insights, which provides further information on the methods used by cybercriminals to gain access to business networks. The researchers explain that cybercriminals have been able to increase the number of attacks they conduct due to the use of artificial intelligence (AI) and machine learning (ML) tools, which have allowed them to automate the generation of sophisticated attacks, including those that use social engineering such as phishing.
“The report revealed that attackers are increasingly relying on more sophisticated techniques and targeting new channels, including cloud storage, collaboration apps, Salesforce, and Zendesk,” wrote the researchers. “Organizations must take steps to protect their most valuable assets by adopting a comprehensive approach to cybersecurity that encompasses multiple attack vectors in order to mitigate their risk.”