APWG 1Q 2022 Report Phishing Reaches Record High APWG Observes One Million Attacks in First Quarter of 2022

Aura Lane
Written by Aura Lane on
APWG 1Q 2022 Report Phishing Reaches Record High APWG Observes One Million Attacks in First Quarter of 2022

The APWG’s new Phishing Activity Trends Report reveals that in the first quarter of 2022 the APWG observed 1,025,968 total phishing attacks—the worst quarter for phishing that APWG has observed to date. This quarter was the first time the three-month total has exceeded one million. APWG saw 384,291 attacks in March 2022, which was a record monthly total. In the first quarter of 2022, APWG founding member OpSec Security reported that phishing attacks against the financial sector, which includes banks, remained the largest set of attacks, accounting for 23.6 percent of all phishing. Attacks against webmail and software-as-a-service (SAAS) providers remained prevalent as well, while attacks against retail/ecommerce sites fell from 17.3 to 14.6 percent after the holiday shopping season. Phishing against social media services rose markedly, from 8.5 percent of all attacks in 4Q2021 to 12.5 percent in 1Q2022. Phishing against cryptocurrency targets—such as cryptocurrency exchanges and wallet providers—inched up from 6.5 in the previous quarter to 6.6 percent of attacks. John Wilson, Senior Fellow of Threat Research at APWG member HelpSystems, tracks the identity theft technique known as “business e-mail compromise” (BEC). Wilson noted that “In the first quarter of 2022, 82 percent of Business Email Compromise messages were sent from free webmail accounts. Of those, 60 percent used Gmail.com. For the 18 percent of BEC messages sent from attacker-controlled domains, NameCheap was the most popular registrar. “One third of all maliciously registered domains use for BEC attacks were registered via NameCheap,” Wilson pointed out. APWG member PhishLabs by HelpSystems analyzes malicious emails reported by corporate users. John LaCour, Principal Product Strategist at PhishLabs by HelpSystems, said that “In the first quarter of 2022, we observed a 7 percent increase in credential theft phishing against enterprise users, up to nearly 59 percent of all malicious emails.” LaCour also noted that impersonation attacks were 47 percent of social media threats, up from 27 percent the prior quarter.   “A lot of companies don’t realize that their executives are being spoofed on social media. This is a huge business risk,” said LaCour. On another front, APWG member Abnormal Security documents the dangerous nature of ransomware for all kinds of companies. Abnormal Security found the total number of ransomware attacks decreased by 25 percent in the first three months of 2022, falling to a similar level that Abnormal observed in the third quarter of 2021. This decrease seems to be primarily caused by a big drop in attacks from two prolific cybercrime gangs, Pysa and Conti, known to develop and deploy ransomware at scale.  Crane Hassold, Director of Threat Intelligence at Abnormal Security, said that “The disappearance of Pysa and the significant drop in attack volume from Conti clearly had a substantial impact in the overall ransomware landscape in the first quarter of the year. This demonstrates the centralized nature of the ransomware landscape, meaning a relatively small number of groups are responsible for a majority of attacks. This also means that any actions taken against those groups (law enforcement disruption, infrastructure takedown, etc.) can have a noticeable impact on overall attack volume. “This is very different from something like BEC, which is highly decentralized, where the removal of dozens or even hundreds of actors wouldn’t have that much of an overall impact on attack volume because there is no ‘head of the snake’ to go after,” Hassold said. The top industries impacted by ransomware in Q4 2021 were manufacturing, business services, finance, and retail and wholesale firms, said Hassold.  The full text of the report is available here: https://docs.apwg.org/reports/apwg_trends_report_q1_2022.pdf About the APWG  Founded in 2003, the Anti-Phishing Working Group, (APWG) is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multilateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,200 companies, government agencies and NGOs participating in the APWG worldwide. The APWG’s (www.apwg.org) and websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the STOP. THINK. CONNECT. Messaging Convention, the global online safety public awareness collaborative (https://messagingconvention.org) and founder/curator of the eCrime Researchers Summit, the world's only peer-reviewed conference dedicated specifically to electronic crime studies (www.ecrimeresearch.org). APWG advises hemispheric and global trade groups and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe's Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations. Among APWG's corporate sponsors are: 418 Intelligence, Abnormal, Accenture, Acronis, Afilias, AGARI, AhnLab, AT&T, Allure Security, AREA 1, AIT, appgate, Avast, Awayr AI, AXUR, BW CIRT, Bambenek Consulting, Banelco CSIRT, Bolster, BrandShield, Browlser, ByteDance, Canva, CaixaBank, Check Point, Cisco, CLARO, Cloudflare, CLOUDMARK, COFENSE, Coinbase, Comcast, CSC, CSIRT BANELCO, CSIS, Cyan Digital Security, CYREN, Cyxtera, CZ.NIC, DS Lab, DigiCert, dmarcian, DNS Belgium, DomianTools, EBRAND, Entrust Datacard, ESET, Facebook, FirstRand, Fortinet, FraudWatch, GetResponse, GMS Securidad, GoDaddy Registry, Group-IB, Guidewire. Hitachi Systems, .ID, ICANN, Infoblox, Ingressum, INKY Technology Company, IQ Global, iThreat, Kaspersky, KnowBe4, Lenos Software, LINE, Looking Glass, LSEC, Mailshell, McAfee, Microsoft, Mimecast, NAVER, Netcraft, NetSTAR, Nominet, Opera, OpSec Security, Palo Alto Networks, PANDI, PayPal, PhishLabs, Proofpoint, Qintel, Rakuten, Recorded Future, Redsift, REDIRIS, ReversingLabs, RiskIQ, RSA, S2W Lab, SafeGuard Cyber, Salesforce, Secutec, SIDN, SlashNext, Sopos, SWITCH, Symantec, Tessian. Thomsen Trampedach, ThreatSTOP, TNO, TrendMicro, Trustwave, Twilio, Unbiased Security, Vade, Verisign, Viettel Cyber Security, Webroot, workday, ZeroFOX, ZibaSec, ZIX, and zvelo. Media Contacts For media inquiries related to the APWG, please contact APWG Secretary General Peter Cassidy ([email protected], +1.617.669.1123).  Or for company-specific content related to this release, please contact: Anil Prasad at Abnormal Security (www.abnormalsecurity.com/contact), Stefanie Wood Ellis of OpSec Security ([email protected]); Rachel Woodford of Agari ([email protected]), Eduardo Schultze of Axur ([email protected],+55 51 3012-2987); Stacy Shelley of PhishLabs ([email protected], +1.843.329.7824); Holly Hitchcock of RiskIQ ([email protected]).  Source: APWG

Comments