Phishing hits record high; APWG observes one million attacks in the first quarter of 2022

The decline of cybercriminal gangs reduces the spread of ransomware by 25% in Q1 2022

CAMBRIDGE, Mass., June 07, 2022 (GLOBE NEWSWIRE) — The new Phishing Trends Report reveals that in the first quarter of 2022, the APWG observed 1,025,968 total phishing attacks, the worst quarter for phishing observed by the APWG to date. This quarter was the first time the three-month total exceeded one million. APWG saw 384,291 attacks in March 2022, which was a record monthly total.

In Q1 2022, APWG founding member OpSec Security reported that phishing attacks against the financial sector, which includes banks, remained the largest set of attacks, accounting for 23.6% of all phishing. Attacks against webmail and software-as-a-service (SAAS) providers also remained common, while attacks against retail/e-commerce sites fell from 17.3% to 14.6% after the holiday shopping season. Phishing against social media services increased significantly from 8.5% of all attacks in 4Q2021 to 12.5% ​​in 1Q2022. Phishing against cryptocurrency targets, such as cryptocurrency exchanges and wallet providers, fell from 6.5 in the prior quarter to 6.6% of attacks.

John Wilson, senior threat researcher at APWG member HelpSystems, tracks the spoofing technique known as “Business Email Compromise” (BEC). Wilson noted that “In the first quarter of 2022, 82% of business email compromise messages were sent from free webmail accounts. Of these, 60% used For the 18% of messages BECs sent from domains controlled by attackers, NameCheap was the most popular registrar.

“A third of all maliciously registered domains used for BEC attacks were registered through NameCheap,” Wilson pointed out.

APWG member PhishLabs by HelpSystems analyzes malicious emails reported by enterprise users. John LaCour, Senior Product Strategist at PhishLabs by HelpSystems, said, “In the first quarter of 2022, we saw a 7% increase in phishing credential theft against enterprise users, up to nearly 59% of all malicious emails. LaCour also noted that spoofing attacks accounted for 47% of social media threats, up from 27% in the prior quarter.

“A lot of companies don’t realize their executives are being impersonated on social media. It’s a huge business risk,” LaCour said.

On another front, APWG member Abnormal Security documents the dangerous nature of ransomware for all manner of businesses. Abnormal Security found that the total number of ransomware attacks decreased by 25% in the first three months of 2022, falling to a level similar to that observed by Abnormal in the third quarter of 2021. This decrease appears to be primarily caused by a sharp drop in attacks from two prolific cybercriminal gangs, Pysa and Conti, known to develop and deploy large-scale ransomware.

Crane Hassold, Director of Threat Intelligence at Abnormal Security, said “The demise of Pysa and the significant drop in attack volume from Conti clearly had a substantial impact on the overall ransomware landscape in the first quarter of the year. This demonstrates the centralized nature of the ransomware landscape, which means that a relatively small number of groups are responsible for the majority of attacks, which also means that any action taken against these groups (disrupting law enforcement, downtime of infrastructure, etc.) can have a noticeable impact on the overall volume of attacks.

“It’s very different from something like BEC, which is highly decentralized, where removing dozens or even hundreds of actors wouldn’t have as much of an overall impact on attack volume because there’s no no ‘head of the snake’ to go after,” Hassold said.

The top industries hit by ransomware in the fourth quarter of 2021 were manufacturing, business services, finance, and retail and wholesale businesses, Hassold said.

The full text of the report is available here:

About the APWG

Founded in 2003, the Anti-Phishing Working Group (APWG) is a global coalition of industry, law enforcement and government focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and telecommunications operators, the law enforcement community, solution providers, multilateral treaty organizations, research centers, professional associations and government agencies. More than 2,200 companies, government agencies and NGOs participate in the APWG worldwide. The APWG ( and websites offer the public, industry and government agencies practical information on phishing and electronic fraud, as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of STOP. THINK. RELATE. Messaging Convention, the global collaboration to raise public awareness of online safety ( and founder/curator of the eCrime Researchers Summit, the world’s only peer-reviewed conference devoted specifically to electronic crime studies ( The APWG advises hemispheric and global business groups and multilateral organizations such as the European Commission, the G8 Sub-Group on High-Tech Crime, the Council of Europe Convention on Cybercrime, the Office of United Nations on Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and Organization of American States. The APWG is a member of the Steering Group of the Commonwealth Cybercrime Initiative of the Commonwealth of Nations. APWG corporate sponsors include: 418 Intelligence, Abnormal, Accenture, Acronis, Afilias, AGARI, AhnLab, AT&T, Allure Security, AREA 1, AIT, appgate, Avast, Awayr AI, AXUR, BW CIRT, Bambenek Consulting, Banelco CSIRT, Bolster, BrandShield, Browser, ByteDance, Canva, CaixaBank, Check Point, Cisco, CLARO, Cloudflare, CLOUDMARK, COFENSE, Coinbase, Comcast, CSC, CSIRT BANELCO, CSIS, Cyan Digital Security, CYREN, Cyxtera, CZ.NIC , DS Lab, DigiCert, dmarcian, DNS Belgium, DomianTools, EBRAND, Entrust Datacard, ESET, Facebook, FirstRand, Fortinet, FraudWatch, GetResponse, GMS Securidad, GoDaddy Registry, Group-IB, Guidewire. Hitachi Systems, .ID, ICANN, Infoblox, Ingressum, INKY Technology Company, IQ Global, iThreat, Kaspersky, KnowBe4, Lenos Software, LINE, Looking Glass, LSEC, Mailshell, McAfee, Microsoft, Mimecast, NAVER, Netcraft, NetSTAR, Nominet , Opera, OpSec Security, Palo Alto Networks, PANDI, PayPal, PhishLabs, Proofpoint, Qintel, Rakuten, Recorded Future, Redsift, REDIRIS, ReversingLabs, RiskIQ, RSA, S2W Lab, SafeGuard Cyber, Salesforce, Secutec, SIDN, SlashNext, Sopos , SWITCH, Symantec, Tessian. Thomsen Trampedach, ThreatSTOP, TNO, TrendMicro, Trustwave, Twilio, Unbiased Security, Vade, Verisign, Viettel Cyber ​​Security, Webroot, workday, ZeroFOX, ZibaSec, ZIX and zvelo.

Media Contacts

For media inquiries regarding the APWG, please contact APWG General Secretary Peter Cassidy ([email protected], +1.617.669.1123). Or for company-specific content related to this release, please contact: Anil Prasad at Abnormal Security (, Stefanie Wood Ellis of OpSec Security ([email protected]); Rachel Woodford of Agari ([email protected]), Eduardo Schultze of Axur ([email protected],+55 51 3012-2987); Stacy Shelley of PhishLabs ([email protected], +1.843.329.7824); RiskIQ’s Holly Hitchcock ([email protected]).

Related images

Image 1: Phishing attacks, 2Q2021 – 1Q2022

Phishing attacks, 2Q2021 – 1Q2022

Image 2: Industries victimized by ransomware, 1Q2022

Industries affected by ransomware, 1Q2022

Image 3: Most targeted industries, 1Q2022

Most targeted industries, 1Q2022

Image 4: Registrars used to register BEC attack domains, Q1 2022

Registrars used to register BEC attack domains, Q1 2022

This content was published via the press release distribution service.


Comments are closed.