Attackers are using a wide range of methods to obtain user data, including phishing, recruitment scams, brand imitation, direct-path attacks, and attacks related to the pro-Russia Killnet group. Reports of incidents involving these methods are pouring in.
Education was the most targeted industry, with attacks increasing by 576%, followed by finance and government, while last year’s top target, retail and wholesale, dropped by 67%. Also, the top five most targeted countries were the US, the UK, the Netherlands, Canada, and Russia.
Also, SMS phishing (SMiShing) has evolved into more voicemail-related phishing (Vishing), luring more victims into opening malicious attachments. In this light, a cloud-native, proxy-based Zero Trust architecture is critical for organizations to defend against evolving phishing attacks.
“Phishing remains one of the most prevalent threat vectors cybercriminals utilize to breach global organizations. Year-over-year, we continue to see an increase in the number of phishing attacks which are becoming more sophisticated in nature. Threat actors are leveraging phishing kits & AI tools to launch highly effective e-mail, SMiShing, and Vishing campaigns at scale,” said Deepen Desai, Global CISO and Head of Security, Zscaler.
“AitM attacks supported by growth in Phishing-as-a-Service have allowed attackers to bypass traditional security models, including multi-factor authentication. To protect their environment, organizations should adopt a Zero Trust architecture to significantly minimize the attack surface, prevent compromise, and reduce the blast radius in case of a successful attack,” he added.
ThreatLabz recently discovered a large-scale phishing campaign that involves Adversary-in-the-Middle (AiTM) attacks. AiTM attacks use techniques capable of bypassing conventional multi-factor authentication methods.
Vishing, or voicemail-themed phishing, has evolved from SMS-based (SMiShing) attacks. In these campaigns, attackers use real voice snippets of the executive team, leaving the pre-recorded messages as voicemail. Recipients are then pressured into taking action, such as transferring money or providing credentials. Many US-based organizations have been targeted using Vishing attacks.
Recruitment scams on LinkedIn and other job recruiting sites are also on the rise. Unfortunately, in 2022, many big businesses in Silicon Valley made the tough decision to downsize. As a result, cybercriminals leveraged fake job postings, sites, portals, and forms to attract job seekers. Victims would often undergo an entire interview process, with some even being asked to purchase supplies to be reimbursed later.
Cybercriminals often find success when impersonating popular consumer and technology brands. Microsoft was once again the most imitated brand of the year, accounting for nearly 31% of attacks as the attackers phished for access to various Microsoft corporate applications of the victim organizations. Cryptocurrency exchange Binance accounted for 17% of imitated brand attacks, with phishers posing as fake customer representatives from banks or P2P companies. Big brands like Netflix, Facebook, and Adobe rounded out the top 20 most imitated and phished brands.
In March, Internet and cybersecurity company Cloudflare revealed a list of the top 50 brands scammers are trying to impersonate, which includes AT&T, the IRS, PayPal and Microsoft. According to the FBI, these phishing attacks are the fastest growing Internet crime, a threat to both consumers and businesses, in which bad actors attempt to steal sensitive information like usernames, passwords, credit card numbers, bank account information or other important data.
AT&T tops the list as the #1 phished brand. PayPal (#2) and Microsoft (#3) followed, with logistics and shipping company DHL in fourth place. Finance, technology, and telecom brands were the most commonly impersonated industries in Cloudflare’s findings, likely due to the unprecedented access and financial benefit that bank accounts, email and social media, and phone companies can give attackers.
In April, Netscout Systems, Inc., a cybersecurity company, revealed findings that point to a new era of multi-vector attacks focused on taking down victims using application-layer and botnet-based, direct-path attacks. Attack frequency has increased tenfold since NETSCOUT’s first report in 2005.
Direct-path attacks have increased by 18% over the past three years, while traditional reflection/amplification attacks decreased by nearly the same amount, highlighting the need for a hybrid defense approach to weather the fluctuating attack methodology.
In February, Cloudflare detected and mitigated dozens of hyper-volumetric DDoS attacks, the majority of which peaked in the ballpark of 50-70 million requests per second (rps) with the largest exceeding 71 million rps. This is the largest reported HTTP DDoS attack on record, more than 35% higher than the previously reported record of 46M rps in June 2022.
The US national security sector experienced a massive increase in attacks related to the pro-Russia Killnet group, including a spike in attacks after President Biden’s public remarks at the G7 Summit and another spike the same day the French and US presidents re-affirmed their support for Ukraine.
With over one billion websites worldwide, HTTP/HTTPS application-layer attacks have increased by 487% since 2019, with the most significant surge in the second half of 2022. Much of the increase comes from Killnet and others that explicitly target websites. Attacks of this nature preceded the Ukraine invasion, knocking out critical financial, government, and media sites.
Also, NETSCOUT ASERT analysts tracked over 1.35 million bots from malware families like Mirai, Meris, and Dvinis in 2022, with enterprises receiving over 350,000 security-related alerts with botnet involvement. By contrast, service providers received approximately 60,000 alerts where bots were present.
Carpet-bombing attacks, a technique that simultaneously targets entire IP address ranges, increased by 110% from the first to the second half of 2022, with most attacks against ISP networks.