According to the latest annual State of Phishing report from SlashNext, there has been an 80% increase in phishing threats originating from accounts on trusted services such as Microsoft, Amazon Web Services or Google, with nearly one-third (32%) of all threats now being hosted on trusted services.
Additionally, the report found more than 255 million attacks in 2022 – a 61% increase in the rate of phishing attacks compared to 2021.
The report data is taken from a sample of threats detected by SlashNext security products. SlashNext analyzed over a billion link-based, malicious attachments and natural language threats scanned in email, mobile and browser channels over six months in 2022. The findings highlight a dramatic increase in phishing scams, as well as a new surface of tactics, as hybrid work and the use of personal mobile devices for work continue to be a trend.
For example, the report found that 76% of the attacks found in 2022 were credential harvesting, which is still the number one cause of breaches. Additionally, 54% of threats detected by SlashNext in 2022 were zero-hour attacks, representing a 48% increase in zero-hour threats from the end of 2021.
SlashNext’s research findings indicate that organizations must move from traditional security practices and last-generation tools to a modern security strategy including robust artificial intelligence (AI) phishing controls that address all variations of phishing attacks and provides a broad range of protections.
Read the full report from SlashNext.