Get Ready for 3 Troubling 2022 Phishing Trends

December 10, 2021

Phishing continues to be a pervasive problem for businesses of every size. In a 2021 survey,  74% of respondents said that their companies had been successfully phished in the last year. We’ve also seen historic increases in phishing-associated players lie ransomware, account takeover (ATO) and business email compromise (BEC) for the past two years, spawning an email security problem that businesses have to address to avoid falling victim to a devastating cyberattack. An estimated one in four businesses had an email security breach in 2020, and one-third of those email security breaches can be traced to phishing.  

See how to avoid cybercriminal sharks in Phishing 101. DOWNLOAD IT>>

Phishing is Expensive

Phishing is a menace to business budgets. Even unsuccessful phishing costs companies a fortune every year. If one of the many phishing attempts employees face every day results in a cybercriminal success, the sky is the limit for expenses. An estimated 60% of businesses shutter in the wake of a successful cyberattack, and cost is a major player in that calculus. The 2021 Ponemon Cost of Phishing Study shed light on the massive increase in the cost of a phishing attack for businesses. Researchers say that the cost of phishing attacks has almost quadrupled over the past six years, with large US companies losing an average of $14.8 million annually (or $1,500 per employee) to phishing.  

The tremendous increase in email volume that started in March 2020 has been a driver behind the escalation of phishing risk. More email coming into businesses means more phishing messages that could land in an employee’s inbox, and any phishing message that an employee receives endangers their employer. An estimated 306.4 billion emails were sent and received each day in 2020, and if email volume continues to trend the way that experts expect, it is estimated to reach over 376.4 billion daily messages by 2025. 

Learn the secret to ransomware defense in Cracking the RANSOMWARE Code. GET BOOK>>

3 Threats to Watch Out for in 2022

That’s why it is critical to a company’s success that they build a strong defense against phishing. As we head into 2022, these phishing-related risks should be on every IT professional’s radar when planning a defensive strategy.  

SEGs Continue to Become Less Reliable

Businesses that are still relying on a Secure Email Gateway (SEG) will find that SEG is increasingly vulnerable to cybercriminal tricks, allowing more phishing emails to pass through. For years, bad actors have had a vested interest in finding ways to get their poisoned messages past security tools like a SEG and they’re enjoying a high level of success using a variety of methods that they will keep refining.  

In October 2021, researchers sounded the alarm about a phishing email intended to launch a Halloween-themed MICROP ransomware offensive that was making its way to a target’s inbox despite that inbox being secured by a SEG. 

Venture Beat reported that two million malicious emails slipped past traditional email defenses, like secure email gateways, between July 2020-July 2021. 

In April 2021, A phishing campaign was discovered by researchers that was masquerading as a Microsoft Office SharePoint-related message and successfully bypassing security email gateways (SEGs), including Microsoft’s own SEG. 

Ransomware Growth Will Accelerate 

Gartner’s latest Emerging Risks Monitor Report suggests that the threat of “new ransomware models” remains the top cybersecurity concern facing business leaders in the year ahead. Ransomware has been at the forefront of cybersecurity conversations this year and with good reason. It has grown by an eye-popping 767% in 2021, easily dwarfing all other types of attack. Ransomware losses in 2021 are also up more than 300% over the same period last year, beating 2020’s record-setting pace. In an article on the Nasdaq blog, ransomware was named the greatest business threat of 2022. What makes experts nervous? 

Cybersecurity Ventures released new estimates that project ransomware costs will reach $265 billion by 2031, with a new attack every 2 seconds. 

FinCEN, the US’s Financial Enforcement Network, reported the total value of suspicious activity related to ransomware in the first half of 2021 was 30% higher than the amount filed for all of 2020 

When looking at year-over-year growth in ransomware, researchers at the UK National Cyber Security Centre (NCSC) determined that there were three times as many ransomware attacks in the first quarter of 2021 than in the whole of 2019. 

Brand Impersonation and Deepfakes Will Grow  

Brand impersonation and deepfakes have become a major threat to businesses and that trend is expected to continue in 2022. Brand impersonation is one of the oldest tricks in the book but it’s still a go-to for cybercriminals because it tends to be effective. Employees are likely to approach messages from trusted brands that they interact with frequently like Microsoft or Amazon with a higher degree of trust that cybercriminals can leverage to slip malicious messages past their defenses. Deepfake technology has also seen significant improvements, creating a new level of risk.  

The Verizon Data Breach Investigations Report 2021 shows the rapid rise of brand impersonation, called Misrepresentation in this instance, clocking in 15 times higher than it did in 2020. The DBIR notes that this growing category is an aspect of social engineering and a direct precursor to business email compromise attacks

Forbes reported on one of the most significant deepfake phishing attacks, a bank manager in the United Arab Emirates fell victim to a threat actor’s scam. Hackers used AI voice cloning to trick the bank manager into transferring $35 million. Experts point to this example as a red flag that indicates that threat actors will use advanced technology to launch use deepfake social engineering attacks to gain permissions and to access sensitive data. 

A recent article in DarkReading warned about AI-based deepfake technologies like GPT-3 (Generative Pre-trained Transformer) that use language learning to create highly believable brand impersonation emails. Attackers using this technology can use appropriated email addresses by compromising mail servers or running man-in-the-middle attacks to generate fraudulent emails.  

The road to security success begins with 5 Steps to Ransomware Readiness! GET IT>>

Reduce Phishing Risk in 1 Move

Controlling the risk that a business faces from phishing is an important part of that organization’s success. Gartner’s Emerging Risks Monitor Report also noted that cybersecurity risk was consistently singled out as a major concern of CEOs across all geographic regions and most industries, cited by 67% of respondents. Businesses that want to achieve greater success and keep growing in 2022 are making a smart choice when they opt to decrease their phishing risk by stopping phishing messages from reaching their employees. 

Stop phishing immediately with Graphus – the most simple, automated and affordable phishing defense available today. When you choose AI-powered, automated email security, your business gains an array of strong defenses against phishing that stop today’s nastiest phishing threats cold. Graphus’ AI technology refines your protection daily to ensure that your business is protected against tomorrow’s phishing threats too. 

  • You’ll gain a powerful guardian that protects your business from some of today’s nastiest threats like spear-phishing, business email compromise, ransomware and other horrors that will fit perfectly into your IT budget. 
  • Plus, automated security is up to 40% more effective at spotting and stopping malicious messages like phishing emails than a SEG or conventional security.  
  • Get detailed, actionable threat intelligence with the Graphus Threat Intelligence add-on, featuring detailed reports on the malicious or compromised IP and email addresses, URLs, and attachment hashes used in cyberattacks that target your users. 
  • Click here to watch a video demo of Graphus now. 

Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus