Zscaler, known for its leadership in cloud security, has unveiled the Zscaler ThreatLabz 2024 Phishing Report today. This report meticulously scrutinizes 2 billion thwarted phishing transactions across the Zscaler Zero Trust Exchange platform, recognized as the world’s largest cloud security platform, spanning from January to December 2023. The analysis exposes a staggering year-over-year surge of almost 60% in global phishing attacks, propelled notably by the proliferation of generative AI-driven tactics like voice phishing and deepfake phishing. Offering actionable insights into phishing methodologies and trends, this year’s report also presents a comprehensive set of best practices and strategies tailored to fortify organizational security posture against such threats.
Deepen Desai, CSO and Head of Security Research at Zscaler, remarked, “Phishing remains an enduring and often underestimated menace within the cybersecurity realm, evolving in sophistication as threat actors leverage cutting-edge advancements in generative AI and exploit trusted platforms to escalate attacks. Against this backdrop, the latest insights from ThreatLabz assume heightened significance in guiding our strategies and fortifying defenses against phishing. These revelations underscore the imperative for organizations to embrace a proactive, multilayered approach that amalgamates a resilient zero trust architecture with sophisticated AI-driven phishing prevention measures to effectively thwart these evolving threats.”
What is Phishing?
Phishing is one of the most common attack methods targeting individuals through e-mail, text messages, and phone calls. Its primary goal is to deceive the recipient into doing what is asked of them, most frequently disclosing financial information, login information for a system, or other sensitive information.
Operating as a top form of social engineering, phishing exploits psychological manipulation and subterfuge, whereby nefarious actors pretend to be trusted entities to fool users into taking certain actions. These actions typically involve clicking on links to fake websites, downloading malware, and disclosing personal information, such as bank account numbers or credit card information.
The term “phishing” first appeared in the mid-1990s, referring to hackers who used fraudulent emails to trick victims into divulging information. Since then, phishing attacks have taken many different forms, including email phishing, spear phishing, smishing, vishing, and whaling. Each type employs a different channel and means of attack, such as email or text, but they all share similar goals.
Different Types of Phishing Attacks
As cybercriminals find ways to advance their phishing techniques, they are constantly developing new kinds of phishing scams. Below are some common kinds of phishing attacks:
- Spear Phishing: These are attacks against specific individuals or organizations in which attackers craft personalized messages using the victim’s personal information. References to colleagues, executives, or personal details increase the chance that the phishing message is perceived as authentic.
- Whaling Attacks: A type of spear phishing that targets high-ranking executives to obtain large volumes of sensitive information. Attackers conduct extensive research on their victims to craft convincing messages, which are often disguised as directives from executives to pay large sums.
- Pharming: This attack uses DNS cache poisoning to redirect users from real websites to fraudulent ones. Users are lured into entering personal information on the fake site.
- Clone Phishing: Attackers replicate legitimate emails; they replace links and attachments to include malicious ones. Victims are lured into interacting with these malicious elements, often using the trust associated with known senders.
- Evil Twin Attacks: Attackers set up fake Wi-Fi networks that resemble legitimate ones in order to intercept the traffic of devices that connect to them. This lets attackers capture sensitive information, such as user IDs and passwords.
- Voice Phishing (Vishing): Phishing that is done through voice-based media like VoIP or traditional phone service. The attackers use speech synthesis software to leave voicemails that prompt victims to give their account information under the guise of verifying their identity.
- SMS Phishing (Smishing): This takes place on mobile devices where attackers send messages that trick victims into revealing account information or installing malware. Victims are prompted to click on links or call specified numbers to provide personal data.
- Calendar Phishing: Attackers send false calendar invites that contain malicious links, attempting to trick victims into adding them to their calendars. These invitations seem legitimate, but they lure victims into clicking on the malicious link.
- Page Hijack Attacks: These involve redirecting victims to fraudulent sites that look identical to the intended site. Attackers use cross-site scripting to plant malware on the pages users are redirected to.
Phishing Strategies
Phishing attacks are more than just simple email delivery. They employ many sophisticated techniques to trap the victim. The following strategies are some of what the attackers use to accomplish their agenda:
- URL Spoofing: Attackers use JavaScript to overlay an image of a legitimate URL over the browser’s address bar, hiding the real URL. The real URL is normally revealed when hovering over an embedded link, but that tooltip can also be manipulated with JavaScript.
- Link Tampering: Also called URL hiding, this is a tactic where an attacker disguises a malicious URL as a legitimate one, leading people to believe they are visiting a legitimate site or webpage. It is, in essence, a scam.
- Link Shortening: Attackers use link-shortening services like Bitly to hide the destination URL. People cannot tell whether the shortened URL leads to a legitimate or a malicious website.
- Homograph Spoofing: This is done by using URLs made of characters similar to those of known and trusted domain names. Attackers register domains with character sets similar to established domains just to deceive people.
- Graphical Rendering: This is achieved by rendering the message as a graphical image. This avoids scanning by the phishing defenses for specific text or words used in phishing emails.
- Covert Redirect: The victim gets directed to an apparent trusted source that asks for authorization to connect to another website. The URL that gets redirected is usually an intermediate, malicious page that asks for user authentication details before letting it take the victim to the legitimate site.
- Chatbots: Attackers use AI chatbots to eliminate the grammatical and spelling errors typically seen in phishing emails. The resulting messages sound more legitimate and authentic, which makes them harder for people to detect.
- AI Voice Generators: Attackers use AI-based voice-generation tools to sound like a familiar authority figure or family member on a phone call. This personalization makes the phishing attempt more effective and requires only a short audio clip of the victim’s manager or family member.
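The homograph-spoofing tactic above (look-alike domains built from non-Latin characters, and their punycode `xn--` form) can be screened for on the defender side. The following is an added example, not Zscaler’s code or anything from the report; its confusables table, the `TRUSTED` brand allowlist and the two-label approximation of a registrable domain are constructed simplifications.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed subset of the Unicode confusables table: Cyrillic, Greek and
# Latin letters that render like the plain Latin letter they are mapped to.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic а е о р
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",  # Cyrillic с х у і
    "\u0455": "s", "\u0458": "j", "\u03bf": "o", "\u03bd": "v",  # Cyrillic ѕ ј, Greek ο ν
    "\u0131": "i",                                               # Latin dotless ı
}
# Constructed allowlist of brands the report names as heavily imitated.
TRUSTED = {"microsoft.com", "onedrive.com", "sharepoint.com", "okta.com"}


def decode_idna(host: str) -> str:
    """Turn punycode (xn--) labels back into Unicode so they can be inspected."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:  # already contains Unicode, or not valid punycode
        return host


def scripts(label: str) -> set:
    """Script families (LATIN, CYRILLIC, GREEK, ...) of the letters in a label."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}


def skeleton(host: str) -> str:
    """Fold look-alike letters to a plain Latin skeleton for comparison."""
    folded = unicodedata.normalize("NFKC", host.lower())
    return "".join(CONFUSABLES.get(c, c) for c in folded)


def registrable(host: str) -> str:
    """Approximate the registrable domain as the last two labels (no public suffix list)."""
    return ".".join(host.split(".")[-2:])


def assess(url: str) -> dict:
    """Indicators a mail gateway or SOC rule could act on for one URL."""
    raw = urlsplit(url if "://" in url else "http://" + url).hostname or ""
    host = decode_idna(raw)
    actual, looks_like = registrable(host), registrable(skeleton(host))
    homograph = looks_like in TRUSTED and actual != looks_like
    mixed = any(len(scripts(label)) > 1 for label in host.split("."))
    return {"host": host, "punycode": host != raw, "mixed_script": mixed,
            "impersonates": looks_like if homograph else None,
            "suspicious": homograph or mixed}
```

A mixed-script label is a strong signal on its own, while a punycode label only warrants a closer look, since legitimate internationalized domains use it too.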
Zscaler Phishing Report Key Findings
1. Geographical Distribution: North America topped the list of phishing attacks, followed by EMEA and India.
Top Targeted Countries: During 2023, the countries most targeted by phishing scams were the United States (55.9% share), the United Kingdom (5.6%), and India (3.9%). The high share of phishing in the United States is attributed to the country’s advanced digital infrastructure, large internet-connected population, and very high volume of online financial transactions.
2. Top Five Countries for Phishing Attempts: Canada also appeared among the top five targeted countries for phishing attempts, with a 2.9% share, followed by Germany with 2.8%. Most attacks originated from the United States, the U.K., and Russia. Australia also placed in the top 10 while seeing a striking 479% increase in hosted phishing content compared to the previous year.
3. Phishing Attacks in the Financial Industry: The finance and insurance industry saw a 393% increase in phishing attempts from 2022 to 2023. The sector’s heavy dependence on digital financial platforms gives threat actors ample opportunity to exploit vulnerabilities.
4. Phishing Attacks in the Manufacturing Industry: The manufacturing industry saw a significant 31% increase in phishing attacks from 2022 to 2023. The industry’s reliance on digital systems and interconnected technologies like IoT/OT has increased its exposure.
5. Microsoft as a Prime Phishing Target: Microsoft was the most imitated brand in phishing attacks. Enterprise brands such as OneDrive, Okta, Adobe, and SharePoint were also prime targets because of their widespread use and the value of the user credentials that can be harvested.
6. Top Imitated Enterprise Brands: During 2023, Microsoft was the most imitated brand, accounting for 43% of impersonations among the top imitated brands. OneDrive accounted for 12% and SharePoint for 3%.
FAQs
1. What is the Zscaler ThreatLabz 2024 Phishing Report?
The Zscaler ThreatLabz 2024 Phishing Report is a comprehensive analysis conducted by Zscaler, renowned for its expertise in cloud security. This report meticulously examines 2 billion thwarted phishing transactions across the Zscaler Zero Trust Exchange platform, recognized as the world’s largest cloud security platform. The analysis spans from January to December 2023 and unveils a staggering year-over-year surge of almost 60% in global phishing attacks.
2. What is Phishing and how does it work?
Phishing is a prevalent cyber attack method that targets individuals through various communication channels such as email, text messages, and phone calls. The primary goal of phishing is to deceive the recipient into disclosing sensitive information, including financial details, system login credentials, or other personal information. Phishing operates as a form of social engineering, exploiting psychological manipulation and deception by impersonating trusted entities to trick users into taking specific actions, such as clicking on links to fake websites or divulging personal information.
3. What are the strategies employed in phishing attacks?
Phishing attacks utilize sophisticated techniques to deceive victims and achieve their objectives. Strategies employed by attackers include URL spoofing, link manipulation, link shortening, homograph spoofing, graphical rendering, covert redirect, chatbots, and AI voice generators.
4. What are the key findings of the Zscaler Phishing Report?
The key findings of the Zscaler Phishing Report include insights into the geographical distribution of phishing attacks, top targeted countries, phishing attacks in specific industries such as finance and manufacturing, prime targets for impersonation including Microsoft and other enterprise brands, and the prevalence of different types of phishing attacks such as email phishing, spear phishing, and SMS phishing.