Annual Phishing Report Highlights New and Evolving Phishing Campaigns Resulting from the Rise of AI Platforms, like ChatGPT, Urges Organisations to Adopt a Zero Trust Architecture. Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today released the findings of its 2023 ThreatLabz Phishing Report.
The report views 12 months of global phishing data from the world’s largest in-line security cloud to identify the latest trends, emerging tactics, and which industries and regions are most impacted by phishing attacks.
The report found that a majority of modern phishing attacks rely on stolen credentials and outlined the growing threat from Adversary-in-the-Middle (AitM) attacks, increased use of the InterPlanetary File System (IPFS), as well as reliance on phishing kits sourced from black markets and AI tools like ChatGPT.
“Phishing remains one of the most prevalent threat vectors cybercriminals utilise to breach global organisations. Year-over-year, we continue to see an increase in the number of phishing attacks which are becoming more sophisticated in nature. Threat actors are leveraging phishing kits & AI tools to launch highly effective e-mail, SMiShing, and Vishing campaigns at scale”,” said Deepen Desai, Global CISO and Head of Security, Zscaler.
Key Research Findings
- Phishing attacks around the world rose nearly 50% in 2022 compared to 2021
- Education was the most targeted industry, with attacks increasing by 576%, followed by finance and government, while last year’s top target, retail and wholesale, dropped by 67%
- The top five most targeted countries were the United States, the United Kingdom, the Netherlands, Canada, and Russia
- Top targeted brands include Microsoft, Binance, Netflix, Facebook, and Adobe
- AI tools like ChatGPT & Phishing Kits have significantly contributed to the growth of phishing, reducing the technical barriers to entry for criminals and saving them time and resources
- SMS phishing (SMiShing) evolves to more voicemail-related phishing (Vishing), luring more victims into opening malicious attachments
- Cloud-native proxy-based Zero Trust architecture is critical for organisations to defend against evolving phishing attacks
The Rise in New and Evolving Threats like ChatGPT
The emergence of new AI technology and large language models like ChatGPT have made it easier for cybercriminals to generate malicious code, Business Email Compromise (BEC) attacks, and develop polymorphic malware that makes it harder for victims to identify phishing.
Malicious actors are also increasingly hosting their phishing pages on the InterPlanetary File System (IPFS), a distributed peer-to-peer file system that allows users to store and share files on a decentralised network of computers. It is much more difficult to remove a phishing page hosted in IPFS because of its peer-to-peer network aspect.
ThreatLabz recently discovered a large-scale phishing campaign that involves Adversary-in-The-Middle attacks. AiTM attacks use techniques capable of bypassing conventional multi-factor authentication methods.
Vishing, or voicemail-themed phishing campaigns, have evolved from SMS or SMiShing attacks. Attackers are using real voice snippets of the executive team in these vishing attacks by leaving a voicemail of these pre-recorded messages. Then, recipients are pressured into taking action, like transferring money or providing credentials. Many US-based organisations have been targeted using Vishing attacks.
Recruitment scams on LinkedIn and other job recruiting sites are also on the rise. Unfortunately, in 2022, many big businesses in Silicon Valley made the tough decision to downsize. As a result, cybercriminals leveraged fake job postings, sites, portals, and forms to attract job seekers. Victims would often undergo an entire interview process, with some even being asked to purchase supplies to be reimbursed later.
Name Brands Used To Lure Victims
Cybercriminals often find success when impersonating popular consumer and technology brands. Microsoft was once again the most imitated brand of the year, accounting for nearly 31% of attacks as the attackers phished for access to various Microsoft corporate applications of the victim organisations.
Cryptocurrency exchange Binance accounted for 17% of imitated brand attacks, with phishers posing as fake customer representatives from banks or P2P companies. Big brands like Netflix, Facebook, and Adobe rounded out the top 20 most imitated and phished brands.