Security News > 2022 > April > Criminals adopting new methods to bypass improved defenses, says Zscaler

The number of phishing attacks worldwide jumped 29 percent last year as threat actors countered stronger enterprise defenses with newer methods, according to researchers with Zscaler's ThreatLabz research team.

While the United States remained the country with the most phishing attempts, others are seeing faster growth in the number of incidents - exploiting new vectors like SMS and lowering the barrier of entry for launching attacks through pre-built tools made available on the market.

"Phishing attacks continue to remain one of the most prevalent attack vectors, often serving as a starting point for more advanced next stage attacks that may result in a large-scale breach," Deepen Desai, CISO and vice president of security research and operations at Zscaler, told The Register.

"As organizations continue to improve their defenses to combat phishing attacks, threat actors also evolve their tools, tactics, and procedures in order to evade these controls and make phishing attacks more successful."

The top PhaaS methods are phishing kits - essentially packages of everything a threat actor needs - and open-source phishing frameworks, which can be found on code-sharing forums and offer a range of features to execute specific attack functions or automate the entire process.

Bad actors using phishing methods are also using public cloud storage service providers like Amazon Web Services, Microsoft Azure, and Google Cloud to host the phishing pages, he said.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/20/phishing-attempts-on-rise-zscaler/