The APWG's new Phishing Activity Trends Report reveals that the number of phishing attacks has tripled since early 2020. APWG observed 316,747 phishing attacks in December 2021, which is the highest number since the APWG's start in 2004.
In the fourth quarter of 2021, APWG founding member OpSec Security found that the financial sector, which includes banks, became the most frequently attacked cohort, accounting for 23.2% of all phishing.
Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well. Phishing against cryptocurrency targets – such as cryptocurrency exchanges and wallet providers – inched up to represent 6.5% of attacks.
Overall, the number of brands attacked in Q4 fell from a record 715 in September 2021, peaking at 682 in November for the Q4 period.
Abnormal Security observed 4,200 companies, organizations, and government institutions falling victim to ransomware in Q4 2021, some 36% higher than in Q3 2021 and the highest number the company has witnessed over the past two years. "The overall distribution of ransomware victims indicates that ransomware attacks are industry-agnostic," said Crane Hassold, Director of Threat Intelligence at Abnormal Security.
"Like with other financially-motivated cyber-attacks, the focus of most ransomware attacks is more about the ability to quickly profit from the exploitation of a corporate network and less about the characteristics of the victim company itself." The top industries impacted by ransomware in Q4 2021 were manufacturing, retail and wholesale, business services, construction, and healthcare.
PhishLabs, by HelpSystems, analyzed malicious emails reported by corporate users and categorized them by threat type. PhishLabs found that in Q4 2021: 51.8% of them were credential theft phishing attacks, 38.6% were response-based attacks (such as BEC, 419, and gift card frauds), and 9.6% were malware delivery attacks.
Agari by HelpSystems found that the average amount requested in wire transfer BEC attacks in Q4 2021 was $50,027, down from $64,353 in Q3 2021. This decrease was because scammers requested fewer big-dollar transfers over $100,000. RiskIQ also observed that a surge in phishing continued, along with an increase in the overall number of phishing emails. And Axur found that phishing in Brazil went down in Q4, a pleasantly surprising development during the holiday shopping season.
Agari found that domain name registrar NameCheap was the primary registrar used by cybercriminals to register the domain names for BEC attacks in Q4 2021. NameCheap accounted for more than half of all BEC domain registrations, with Google and GoDaddy each making up 8%. As the name implies, NameCheap is one of the least expensive places to register a domain. This is likely a factor in its popularity with scammers.
RiskIQ found that the 13,947 confirmed phishing URLs reported to APWG in Q4 2021 were hosted on just 1,444 unique second-level domains. In comparison, in Q3, RiskIQ analyzed 4,340 confirmed phishing URLs and found that they were hosted on 2,649 unique second-level domains – almost twice as many domains. (Source: APWG Trend Reports)