Email security
BrandView

Zscaler report: Phishing attacks surged by 47.2% last year

The latest phishing report from Zscaler ThreatLabz shows a 47.2% surge in phishing attacks in 2022 compared to the previous year, driven by cybercriminals using increasingly sophisticated techniques to launch large-scale attacks.

Education was the most targeted industry in 2022, with attacks increasing by 576%, while the retail and wholesale sector dropped by 67% from 2021. 

Deepen Desai, Zscaler’s global CISO and head of security research, speaks to Security Weekly co-host Bill Brenner about key findings. He reports that:

  • Ransomware’s impact is most acute in the United States, the target for nearly half of ransomware campaigns over the last year.
  • Organizations in the arts, entertainment and recreation industry experienced the largest surge in ransomware attacks, with a growth rate over 430%.
  • The manufacturing sector remains the most targeted industry vertical, accounting for nearly 15% of total ransomware attacks. It is followed by the services sector, which experienced approximately 12% of the total quantity of ransomware attacks last year.
  • 25 new ransomware families were identified as using double extortion or encryption-less extortion attacks this year.

“Ransomware-as-a-Service has contributed to a steady rise in sophisticated ransomware attacks,” Desai says. “Ransomware authors are increasingly staying under the radar by launching encryption-less attacks which involve large volumes of data exfiltration.”

To counter this trend, Desai says organizations must move away from using legacy point products and, instead, migrate to a fully integrated zero trust platform that minimizes their attack surface, prevents compromise, reduces the blast radius in the event of a successful attack and prevents data exfiltration.

This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerbh to learn more about them!

The full interview is above. Notable points along the way:

00:00 - Zscaler's Deepen Desai discusses ransomware threat landscape

01:42 - Global ransomware attacks rise 38% in 2018

02:59 - Ransomware attacks start with phishing, gain access, steal data

04:05 - Defending against multi-stage ransomware attacks with zero-trust architecture

06:05 - Global targeted attacks: United States, Europe, India

07:07 - Best practices for protecting against multi-stage attacks

08:13 - Cloud native Zscaler security for remote users

Bill Brenner

InfoSec content strategist, researcher, director, tech writer, blogger and community builder. Senior Vice President of Audience Content Strategy at CyberRisk Alliance.

Related

Czechia, Germany targeted by long-term APT28 cyberespionage campaign

Attacks leveraging the critical Microsoft Outlook privilege escalation vulnerability, tracked as CVE-2023-23397, have been launched by Russian state-sponsored threat operation APT28 — also known as Forest Blizzard, BlueDelta, Fancy Bear, and TA422 — against the Czech Republic and Germany as part of a long-term cyberespionage campaign, according to The Hacker News.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.