Education sector bears brunt of surge in phishing attacks

Phishing attacks around the world rose nearly 50% in 2022 compared to 2021, with education as the most targeted industry where attacks ballooned by 576%, according to Zscaler.

The 2023 ThreatLabz Phishing Report is based on a year’s worth of global phishing data from the Zscaler cloud from January 2022 through December 2022 to identify key trends, industries and geographies at risk, and emerging tactics.

The report found that a majority of modern phishing attacks rely on stolen credentials, and it outlined the growing threat from Adversary-in-the-Middle (AitM) attacks, increased use of the InterPlanetary File System (IPFS), and reliance on phishing kits sourced from black markets and AI tools like ChatGPT.

“We continue to see an increase in the number of phishing attacks which are becoming more sophisticated in nature (and) threat actors are leveraging phishing kits & AI tools to launch highly effective e-mail, SMiShing, and Vishing campaigns at scale,” said Deepen Desai, global CISO and head of security at Zscaler. 

“AitM attacks supported by growth in Phishing-as-a-Service have allowed attackers to bypass traditional security models, including multi-factor authentication,” he said. “To protect their environment, organisations should adopt a Zero Trust architecture to significantly minimize the attack surface, prevent compromise, and reduce the blast radius in case of a successful attack.” 

The emergence of new AI technology and large language models like ChatGPT has made it easier for cybercriminals to generate malicious code, craft Business Email Compromise (BEC) attacks, and develop polymorphic malware, which makes it harder for victims to identify phishing.

Malicious actors are also increasingly hosting their phishing pages on the InterPlanetary File System (IPFS), a distributed peer-to-peer file system that allows users to store and share files on a decentralized network of computers. A phishing page hosted on IPFS is much more difficult to take down because of the network's peer-to-peer nature: there is no single hosting provider to notify.

ThreatLabz recently discovered a large-scale phishing campaign that involves AitM attacks, which use techniques capable of bypassing conventional multifactor authentication methods.

Vishing, or voicemail-themed phishing campaigns, have evolved from SMS or SMiShing attacks. In these vishing attacks, attackers use real voice snippets of the executive team, leaving the pre-recorded messages as voicemails.

Recipients are then pressured into taking action, such as transferring money or providing credentials. Many US-based organizations have been targeted using vishing attacks.

Recruitment scams on LinkedIn and other job recruiting sites are also on the rise. Victims often go through an entire interview process, with some even being asked to purchase supplies that they are told will be reimbursed later.

Cybercriminals often find success when impersonating popular consumer and technology brands. Microsoft was once again the most imitated brand of the year, accounting for nearly 31% of attacks, as attackers phished for access to the victim organisations' Microsoft corporate applications.

Cryptocurrency exchange Binance and big brands like Netflix, Facebook, and Adobe were also among the top 20 most imitated and phished brands.

The education industry experienced the most significant surge in 2022 phishing attempts, jumping from the 8th spot to No. 1, with an increase of 576%. 

ThreatLabz believes the 2022 application process for student loan repayments and debt relief played a role in this surge. Rounding out the top five industries under attack are finance, insurance, government, and healthcare, which went from just under 31 million attempts in 2021 to over 114 million in 2022.

The retail and wholesale industries, which topped the list as the most targeted in 2021, saw a decrease of 67%. The service industry also saw a decline of 38% from its 2021 attempts.