A recent report by Perception Point, a provider of advanced threat prevention across digital channels, has uncovered alarming statistics about the growth of advanced phishing attacks attempted by threat actors. In 2022, the company detected a 356% increase in these types of attacks, while the overall total number of attacks increased by 87%.
The report highlights the growing threat that cyber attacks pose to organizations worldwide, particularly in light of the recent surge in remote working. Perception Point’s 2023 Annual Report: Cybersecurity Trends & Insights examines cyber threats based on intelligence gathered from the company’s Advanced Threat Prevention solutions, which intercept attacks across email, web browsers, and cloud collaboration apps.
As malicious actors continue to gain widespread access to new tools and advances in Artificial Intelligence (AI) and Machine Learning (ML), they also increasingly launch sophisticated attacks that use social engineering and evasion techniques. These techniques make it difficult for the victim to identify them as malicious, exacerbating the situation.
The report also reveals how the threat landscape is changing due to the rapid adoption of new cloud collaboration apps, cloud storage, and services for productivity and external collaboration. Within this new environment, threat actors have pivoted their attack toolkits to reach beyond email and web browsers, targeting cloud storage and collaboration apps as well. While email and the browser remain the leading attack vectors, 2022 saw a 161% surge in attacks on all other channels.
The report identifies phishing as the most pervasive threat, accounting for 67.4% of all attacks. 2022 also saw a significant increase in Business Email Compromise (BEC) attacks, which grew by 83%. BEC attacks occur when cybercriminals impersonate legitimate businesses and leverage social engineering techniques, as well as thread hijacking, to obtain large sums of money or confidential data. They are often difficult for traditional email security solutions to detect. These types of attacks, which are text-based, target individual employees, who are the weakest link in an organization’s security chain, even when they have received extensive training.
The report’s findings show that advanced attacks, which are complex, sophisticated, and can cause the greatest damage to the organization, made up 2% of all threats. However, this proportion rose significantly when analyzing particular channels. Advanced attacks constituted 31.9% of the total on file storage tools and an even greater 56.9% on Amazon S3 buckets.
Perception Point’s CEO, Yoram Salinger, said, “As the global threat landscape continues to evolve, we are sharing vital data that portrays the meteoric rise in the number of attacks, combined with increasingly sophisticated attack techniques that are designed to breach and damage organizations. This report clarifies the need for organizations to be vigilant in protecting their people from modern threats across multiple business and collaboration channels, augmenting or replacing traditional security systems with effective prevention and rapid remediation services when required.”
The report also found a 363% rise in phone scam attacks over 2022. Attackers pose as legitimate companies and leverage social engineering techniques to invoke the user to call various support phone numbers. When the targets call, they are prompted by “helpful support teams” to provide personal information.
The report also identifies Microsoft as the brand most impersonated in malicious email, at 3.3 times the number of impersonations of the next most impersonated brand, which was LinkedIn.
Perception Point replaces cumbersome legacy systems to prevent phishing, BEC, spam, malware, Zero-days, ATO, and other advanced attacks well before they reach end-users. Fortune 500 enterprises and organizations across the globe are preventing content-borne attacks across their email and cloud collaboration channels with the company’s patented, cloud-native, and easy-to-use service.
To view the full report, visit the Perception Point website. The report also includes detailed examples of specific attacks that were investigated and analyzed by Perception Point’s Incident Response team in 2022.