Phishing hits record high; APWG observes one million attacks in the first quarter of 2022
The decline of cybercriminal gangs reduces the spread of ransomware by 25% in Q1 2022
CAMBRIDGE, Mass., June 07, 2022 (GLOBE NEWSWIRE) — The new Phishing Trends Report reveals that in the first quarter of 2022, the APWG observed 1,025,968 total phishing attacks, the worst quarter for phishing observed by the APWG to date. This quarter was the first time the three-month total exceeded one million. APWG saw 384,291 attacks in March 2022, which was a record monthly total.
In Q1 2022, APWG founding member OpSec Security reported that phishing attacks against the financial sector, which includes banks, remained the largest set of attacks, accounting for 23.6% of all phishing. Attacks against webmail and software-as-a-service (SAAS) providers also remained common, while attacks against retail/e-commerce sites fell from 17.3% to 14.6% after the holiday shopping season. Phishing against social media services increased significantly from 8.5% of all attacks in 4Q2021 to 12.5% in 1Q2022. Phishing against cryptocurrency targets, such as cryptocurrency exchanges and wallet providers, fell from 6.5 in the prior quarter to 6.6% of attacks.
John Wilson, senior threat researcher at APWG member HelpSystems, tracks the spoofing technique known as “Business Email Compromise” (BEC). Wilson noted that “In the first quarter of 2022, 82% of business email compromise messages were sent from free webmail accounts. Of these, 60% used Gmail.com. For the 18% of messages BECs sent from domains controlled by attackers, NameCheap was the most popular registrar.
“A third of all maliciously registered domains used for BEC attacks were registered through NameCheap,” Wilson pointed out.
APWG member PhishLabs by HelpSystems analyzes malicious emails reported by enterprise users. John LaCour, Senior Product Strategist at PhishLabs by HelpSystems, said, “In the first quarter of 2022, we saw a 7% increase in phishing credential theft against enterprise users, up to nearly 59% of all malicious emails. LaCour also noted that spoofing attacks accounted for 47% of social media threats, up from 27% in the prior quarter.
“A lot of companies don’t realize their executives are being impersonated on social media. It’s a huge business risk,” LaCour said.
On another front, APWG member Abnormal Security documents the dangerous nature of ransomware for all manner of businesses. Abnormal Security found that the total number of ransomware attacks decreased by 25% in the first three months of 2022, falling to a level similar to that observed by Abnormal in the third quarter of 2021. This decrease appears to be primarily caused by a sharp drop in attacks from two prolific cybercriminal gangs, Pysa and Conti, known to develop and deploy large-scale ransomware.
Crane Hassold, Director of Threat Intelligence at Abnormal Security, said “The demise of Pysa and the significant drop in attack volume from Conti clearly had a substantial impact on the overall ransomware landscape in the first quarter of the year. This demonstrates the centralized nature of the ransomware landscape, which means that a relatively small number of groups are responsible for the majority of attacks, which also means that any action taken against these groups (disrupting law enforcement, downtime of infrastructure, etc.) can have a noticeable impact on the overall volume of attacks.
“It’s very different from something like BEC, which is highly decentralized, where removing dozens or even hundreds of actors wouldn’t have as much of an overall impact on attack volume because there’s no no ‘head of the snake’ to go after,” Hassold said.
The top industries hit by ransomware in the fourth quarter of 2021 were manufacturing, business services, finance, and retail and wholesale businesses, Hassold said.
The full text of the report is available here: https://docs.apwg.org/reports/apwg_trends_report_q1_2022.pdf
About the APWG
Founded in 2003, the Anti-Phishing Working Group (APWG) is a global coalition of industry, law enforcement and government focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and telecommunications operators, the law enforcement community, solution providers, multilateral treaty organizations, research centers, professional associations and government agencies. More than 2,200 companies, government agencies and NGOs participate in the APWG worldwide. The APWG (www.apwg.org) and websites
For media inquiries regarding the APWG, please contact APWG General Secretary Peter Cassidy ([email protected], +1.617.669.1123). Or for company-specific content related to this release, please contact: Anil Prasad at Abnormal Security (www.abnormalsecurity.com/contact), Stefanie Wood Ellis of OpSec Security ([email protected]); Rachel Woodford of Agari ([email protected]), Eduardo Schultze of Axur ([email protected],+55 51 3012-2987); Stacy Shelley of PhishLabs ([email protected], +1.843.329.7824); RiskIQ’s Holly Hitchcock ([email protected]).
Phishing attacks, 2Q2021 – 1Q2022
Industries affected by ransomware, 1Q2022
Most targeted industries, 1Q2022
Registrars used to register BEC attack domains, Q1 2022
This content was published via the newswire.com press release distribution service.