Caught in the Net: Phishing trends 2022
In over 40 percent of cyber-attacks in 2021, cyber criminals used phishing – not a surprise, since phishing attacks promise considerable success with little risk. While the attackers can largely feel safe, a single unaware employee is enough to reach the goal – a lucrative business model for criminals, and a significant risk for companies. Reason enough to take a look at current trends and how you can protect yourself and your employees from them:
Steadily rising phishing incidents:
In 2021, security experts recorded a full 200 percent increase in phishing attacks on businesses. This worrying trend will continue in the future. The widespread use of hybrid working models is creating new vulnerabilities that attackers can exploit to gain access to internal systems and sensitive data.
Increasingly professional phishing attacks:
Cyber criminals are becoming more creative in creating fake websites and emails – and more sophisticated. In 2020, around 52 percent of phishing websites imitated well-known brands such as Amazon, Netflix or PayPal. A full 72 percent even used valid HTTPS certificates to lure their victims into the trap. This trend will also be confirmed in the coming years.
New programming languages:
Whether Nim, Rust or Go – criminals are increasingly using new programming languages to smuggle malicious code past standard analysis tools. It is therefore all the more important that technical defence systems are always kept up to date in order to stay one step ahead of the attackers.
Vishing and smishing:
So-called voice phishing, also known as vishing, is on the rise worldwide – also in 2022. Unlike conventional phishing attacks, criminals pick up the phone to lure their victims with sophisticated social engineering tactics. The tactics are similar in the case of smishing, in which the bait is sent by SMS, WhatsApp or another messenger. In both cases, the attackers pretend to be a boss or colleague, but also a customer, business partner, or even a government official. By using technical tricks, the calls or short messages appear deceptively genuine and can hardly be traced. While employees are usually aware of conventional phishing attacks, they are often taken in by vishing attacks.
Fileless malware attacks:
Another growing trend is the use of fileless malware. Unlike conventional malware attacks, attackers do not have to install any code on the target system. Instead, they modify legitimate applications that have already been installed and misuse them for their own purposes. Such attacks are almost impossible to detect and difficult to prevent.
These and numerous other trends make it clear: Phishing will continue to be the number one cyber threat, also in 2022. In order to protect against attacks, in addition to technical and organizational protective measures, it is above all essential to raise awareness among employees and managers. Make them aware of new trends and growing threats, and provide practical recommendations on how to recognize and successfully defend against professional phishing attacks.