APWG Report: phishing attacks highest on record


    - by David Goldstein -

    Cybercrime continues to cause problems around the world with the Anti-Phishing Working Group reporting there were 316,747 unique phishing websites (attacks) detected in December 2021, the highest ever number of attacks they have ever recorded in one month according to their latest APWG Phishing Activity Trends Report for the fourth quarter of 2021.
    For the fourth quarter, the APWG reported in addition to December’s record, there were 267,530 attacks in October and 304,308 in November. The number of recent phishing attacks has more than tripled since early 2020, when APWG was observing between 68,000 and 94,000 attacks per month.

    Brand phishing particularly affected in 2021

    But while the number of attacks is growing, the number of brands or “Unique Subjects” attacked has declined from its 2021 peak in September to around 515 in December. But this was still above the number recorded for the first eight months of 2021.

    Financial sector most targeted

    The financial sector was the most frequently targeted by phishing in the fourth quarter with 23.2% of all attacks. Attacks against SaaS and webmail providers, the most frequently targeted in the fourth quarter, accounted for 19.5% of all attacks. They were followed by eCommerce/retail (17.3%), payment providers (9.3%) and social media (8.5%). Cryptocurrency exchanges and wallet providers crept up to 6.5% of attacks while the logistics and shipping industry accounted for 4.1%.

    ccTLDs safer than gTLDs

    When it comes to domain names, the legacy generic top-level domains (gTLDs) such as .com and .net made up two-thirds (60%) of the domain names used for phishing in the APWG sample set, yet they make up half (52%) of all the domain names registered around the world. Domain names registered in .com accounted for the most phishing domains with 754 in the sample set out of 875 for gTLDs.
    When it comes to the new gTLDs, they made up 6% of the domain names in the world but about 14% of the domain names in the sample set (207 domains). For country code domain top-level domains (ccTLDs), such as .cn (China) and .de (Germany), they account for about 42% of the domain names registered around the world as of the beginning of the fourth quarter, but APWG reports they made up only 25% of the domain names in the sample set (362 domains).

    Ransomware stands out strongly

    Ransomware is the cybercrime that is growing and getting regular media attention these days. What is it? Ransomware is a form of malware that, when activated on a computer such as through clicking on an email link, encrypts all the company’s data on a network. A company is then forced to choose between paying a ransom and hopefully having their data unencrypted or relying on backups. However paying a ransom is never a guarantee of having data unencrypted.
    In their report, APWG observes the number of companies falling victim to ransomware in the fourth quarter 2021 was 36% higher than in the third, and the highest number seen over the past two years. In the 2020/21 calendar years, 4,200 companies, organisations and government institutions were identified that fell victim to a ransomware attack. The top industries impacted by ransomware in the fourth quarter were manufacturing with 20% of all attacks, retail and wholesale (13%), business services (12%), construction (8%) and healthcare (7%). Nearly half of all ransomware victims were located in the United States, followed by the United Kingdom, France, Canada and Germany.

    BEC attacks conspicuously increased

    Another common form of cybercrime that was tracked was the identity theft technique known as “business email compromise” or BEC. BEC attacks have caused aggregate losses in the billions of dollars at large and small companies. In a BEC attack, the APWG notes a scammer impersonates a company employee or other trusted party, and tries to trick an employee into sending money, usually by sending the victim email from a fake or compromised email account (a “spear phishing” attack).
    In a BEC attack, APWG reports the average amount requested in wire transfer BEC attacks in the fourth quarter was $50,027, down from $64,353 in the previous quarter. This decrease, the report notes, occurred as scammers requested fewer large transfers over $100,000. In the fourth quarter, gift card requests were the most popular cash-out method, making up 68 percent of the total, followed by payroll diversion attempts (21%) and wire transfer schemes (9%). When communicating, almost two-thirds (65.8%) of BEC scammers used a Google Gmail email address.

    Contact us to learn more about how to protect against cybercrime.