Phishing reaches all-time high in early 2022

The APWG’s Phishing Activity Trends Report reveals that in the first quarter of 2022 there were 1,025,968 total phishing attacks—the worst quarter for phishing observed to date. This quarter was the first time the three-month total has exceeded one million. There were 384,291 attacks in March 2022, which was a record monthly total.

In the first quarter of 2022, OpSec Security reported that phishing attacks against the financial sector, which includes banks, remained the largest set of attacks, accounting for 23.6 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well, while attacks against retail/ecommerce sites fell from 17.3 to 14.6 percent after the holiday shopping season.

Phishing against social media services rose markedly, from 8.5 percent of all attacks in 4Q2021 to 12.5 percent in 1Q2022. Phishing against cryptocurrency targets—such as cryptocurrency exchanges and wallet providers—inched up from 6.5 in the previous quarter to 6.6 percent of attacks.

John Wilson, Senior Fellow of Threat Research at HelpSystems, tracks the identity theft technique known as business e-mail compromise (BEC). Wilson noted that “In the first quarter of 2022, 82 percent of Business Email Compromise messages were sent from free webmail accounts. Of those, 60 percent used Gmail.com. For the 18 percent of BEC messages sent from attacker-controlled domains, NameCheap was the most popular registrar.

“One third of all maliciously registered domains use for BEC attacks were registered via NameCheap,” Wilson pointed out.

PhishLabs by HelpSystems analyzes malicious emails reported by corporate users. John LaCour, Principal Product Strategist at PhishLabs by HelpSystems, said that “In the first quarter of 2022, we observed a 7 percent increase in credential theft phishing against enterprise users, up to nearly 59 percent of all malicious emails.” LaCour also noted that impersonation attacks were 47 percent of social media threats, up from 27 percent the prior quarter.

“A lot of companies don’t realize that their executives are being spoofed on social media. This is a huge business risk,” said LaCour.

On another front, Abnormal Security documents the dangerous nature of ransomware for all kinds of companies. The total number of ransomware attacks decreased by 25 percent in the first three months of 2022, falling to a similar level observed in the third quarter of 2021. This decrease seems to be primarily caused by a big drop in attacks from two prolific cybercrime gangs, Pysa and Conti, known to develop and deploy ransomware at scale.

Crane Hassold, Director of Threat Intelligence at Abnormal Security, said that “The disappearance of Pysa and the significant drop in attack volume from Conti clearly had a substantial impact in the overall ransomware landscape in the first quarter of the year. This demonstrates the centralized nature of the ransomware landscape, meaning a relatively small number of groups are responsible for a majority of attacks. This also means that any actions taken against those groups (law enforcement disruption, infrastructure takedown, etc.) can have a noticeable impact on overall attack volume.

“This is very different from something like BEC, which is highly decentralized, where the removal of dozens or even hundreds of actors wouldn’t have that much of an overall impact on attack volume because there is no ‘head of the snake’ to go after,” Hassold said.

The top industries impacted by ransomware in Q4 2021 were manufacturing, business services, finance, and retail and wholesale firms, said Hassold.