Phishing attacks hit all-time high in December 2021

APWG saw 316,747 phishing attacks in December 2021 — the highest monthly total observed since it begain its reporting program in 2004. Overall, the number of phishing attacks has tripled from early 2020.

In the fourth quarter of 2021, the financial sector, which includes banks, became the most frequently attacked cohort, accounting for 23.2 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well. Phishing against cryptocurrency targets — such as cryptocurrency exchanges and wallet providers — inched up to represent 6.5 percent of attacks.

Overall, the number of brands that were attacked in 4Q descended from a record 715 in September 2021, cresting at 682 in November for the Q4 period.

Abnormal Security observed 4,200 companies, organizations, and government institutions falling victim to ransomware in Q4 2021, some 36 percent higher than in Q3 2021 and the highest number the company has witnessed over the past two years.

“The overall distribution of ransomware victims indicates that ransomware attacks are industry-agnostic,” said Crane Hassold, Director of Threat Intelligence at Abnormal Security.

“Like with other financially-motivated cyber-attacks, the focus of most ransomware attacks is more about the ability to quickly profit from the exploitation of a corporate network and less about the characteristics of the victim company itself.”

The top industries impacted by ransomware in Q4 2021 were manufacturing, retail & wholesale, business services, construction, and healthcare.

BEC attacks declined

PhishLabs analyzed malicious emails reported by corporate users and categorized them by threat type. It found that in Q4 2021: 51.8 percent of them were credential theft phishing attacks; 38.6 percent were response-based attacks (such as BEC, 419, and gift card scams); and 9.6 percent were malware delivery attacks.

Agari found that the average amount requested in wire transfer BEC attacks in Q4 2021 was $50,027, down from $64,353 in Q3 2021. This decrease was because scammers requested fewer big-dollar transfers over $100,000. RiskIQ also observed a surge in phishing continued along with an increase in the overall number of phishing emails And Axur found that phishing in Brazil went down in Q4, a pleasantly surprising development during the holiday shopping season.

Agari found that domain name registrar NameCheap was the primary registrar used by cybercriminals to register the domain names for BEC attacks in 4Q 2021. NameCheap accounted for more than half of all BEC domain registrations, with Google and GoDaddy each making up 8 percent. As the name implies, NameCheap is one of the least expensive places to register a domain. This is likely a factor in its popularity with scammers.

RiskIQ found that the 13,947 confirmed phishing URLs reported to APWG in Q4 2021 were hosted on just 1,444 unique second-level domains. In comparison, in Q3 RiskIQ analyzed 4,340 confirmed phishing URLs and found that they were hosted on 2,649 unique second-level domains — almost twice as many domains.