SlashNext’s State of Phishing Report Reveals More Than 255 Million Attacks in 2022, Signaling a 61% Increase in Phishing Year-Over-Year

Bad Actors Are Targeting Hybrid Workers and Personal Messaging Apps, with One-Third of Threats Now Hosted on Trusted Services such as Microsoft, Google, and AWS

SlashNext, the leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile today released the SlashNext State of Phishing Report for 2022. SlashNext analyzed billions of link-based URLs, attachments and natural language messages in email, mobile and browser channels over six months in 2022, and found more than 255 million attacks – a 61% increase in the rate of phishing attacks compared to 2021. The findings highlight that previous security strategies, including secure email gateways, firewalls, and proxy servers are no longer stopping threats, especially as bad actors increasingly launch these attacks from trusted serves and business and personal messaging apps.

“With today’s transition to hybrid working, phishing attacks are becoming more prevalent than ever,” said Patrick Harr, CEO, SlashNext. “Mobile phishing and credential harvesting are exploding and affecting business reputations, finances and most importantly, data loss. With new methods of phishing attacks appearing year over year, enterprises need more robust phishing protection to better protect this expanding attack surface and companies’ most valuable assets.”

Marketing Technology News: Polygraph: US Click Fraud Rate Decreased By 12% During “Golden Week”

Key findings of the report include:

  • Cybercriminals are moving their attacks to mobile and personal communication channels to reach employees. SlashNext recorded a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads.
  • In 2022, SlashNext detected an 80% increase in threats from trusted services such as Microsoft, Amazon Web Services or Google, with nearly one-third (32%) of all threats now being hosted on trusted services.
  • 54% of all threats detected by SlashNext in 2022 were zero-hour threats, showing how hackers are shifting tactics in real-time to improve success
  • 76% of threats were targeted spear-phishing credential harvesting attacks
  • Top 3 attack sectors are Healthcare, Professional and Scientific Services, and Information Technology

“As the phishing landscape continues to expand, cybercriminals are becoming more calculated in their attacks, using automation and AI techniques,” continued Harr. “How people work today has increased users’ exposure to cyberattacks, adding to the threats organizations already face. The bad guys know most email has at least some protections in place, and have therefore been turning their attention to alternative forms of messaging including texting, Slack, WhatsApp and more. This trend, combined with the fact that employees increasingly use the same devices for both work and personal purposes, has accelerated phishing across multiple channels.”

Current security tools and processes like security awareness training, reputation-based and relationship graph technologies cannot keep pace with many of these new attack trends. Organizations must move from traditional security practices and last-generation tools to a modern security strategy including robust AI phishing controls that addresses all variations of phishing attacks and provides a broad range of protections.

Marketing Technology News: MarTech Interview with Andrew (Andy) Kieffer, CEO of Voxfeed

Brought to you by
For Sales, write to: contact@martechseries.com
Copyright © 2024 MarTech Series. All Rights Reserved.Privacy Policy
To repurpose or use any of the content or material on this and our sister sites, explicit written permission needs to be sought.