Phishing is one of the most formidable threats in the cyber world today. Even though various news, reports, and anti-phishing campaigns attempt to spread awareness and knowledge, people still fall victim to novel phishing methods. This article seeks to summarize key statistics observed so far in 2022 by various cybersecurity organizations and present them in a useful and comprehensive manner. It is also a warning for all organizations and individuals for the rest of the year.


Alarming Cybercrime And Phishing Statistics

Before an in-depth analysis of the top trends of 2022, here is a quick look at the current phishing and cybercrime landscape in numbers.

  • Phishing remained the top root cause of data breaches in the first quarter of 2022, according to an ITRC report.
  • HTML attachments were the most common files deployed by phishing attackers in Q1 2022.
  • Brand impersonation continued to lure victims through phishing pages, and Microsoft and LinkedIn were the topmost impersonated brands.
  • EMOTET, a go-to cybercrime service for malicious actors, made a return after shutting down in 2021.
  • The Ukraine war gave threat actors more ground to conduct their nefarious activities as it helped them raise their attack potential with Ukraine-themed phishing emails.
  • Crypto and NFTs became a favorite target for the adversaries, aligned with the growing public interest.


Top Phishing Trends In 2022 So Far: Russia-Ukraine War And The Changing Phishing Landscape

For financial gains, adversaries took advantage of the rising global interest in the Russia-Ukraine conflict. Within two weeks of the war, 3,900 out of 5,000 newly added domains included text strings like “Russia,” “Ukraine,” “support,” “donate,” or their combinations. Several of these domains were flagged as malicious, while they called upon readers to donate large amounts to aid Ukrainians.

Malicious actors used these domains to carry out financial scams. Malicious actors also targeted those who supported Ukraine and launched opportunistic phishing campaigns. Victims received emails with Russia-Ukraine conflict-themed subject lines with links leading to pages with donation requests and easy payment methods. Other domains had additional text strings such as “news” and “live” and were used in campaigns targeting those actively interested in the war.


The Return of EMOTET

When EMOTET was disrupted through coordinated international efforts of multiple law agencies in January 2021, nobody imagined that this cybercrime-as-a-service organization would revive. However, EMOTET reemerged soon with multiple adversarial attacks and started delivering advanced phishing emails. In some emails, URLs linked to malicious documents were embedded in the body rather than appear as attachments. Threat actors delivered an MS Excel file with malicious macros in another phishing campaign. This file had multiple sheets, including hidden ones and obfuscated strings to avoid detection.

Later, in early 2022, EMOTET delivered phishing emails with financial themes during the US tax season. Individuals who needed to file tax returns were targeted with Excel files loaded with macros. The IRS logo made all elements look authentic, and EMOTET.dll files would download once the user accepted the request to enable macros.


HTML Attachments in Phishing Emails

Kaspersky and Cofense found that in Q1 2022, HTML files were the most common type of attachments used for phishing purposes. It is a standard method used by adversaries and more effective than deploying phishing content in the email body. Some attachments have a hidden link that redirects the users to phishing pages, and some have phishing forms and scripts embedded in them. HTML files allow implementing personalized phishing content using JavaScript. Usually, when a file sends data to a malicious URL or includes a malicious script, security tools can block it in real-time. However, in this case, threat actors use Java obfuscation to disguise HTML attachments to avoid it.


How The Conti Ransomware Leaks Enhance The Understanding Of The Phishing Threat Landscape

Conti, a prolific ransomware-as-a-service group’s source code, documentation, and communication got leaked recently in retaliation by an anonymous person. These leaks have become immensely valuable to cybersecurity experts and threat actors alike. They exposed the strategies, resources, and communications of a high-profile cybercrime group to be analyzed by cybersecurity experts. They also lay bare how easy it is to conduct phishing attacks for threat actors. New threat actors may find impetus by them to improve their existing infrastructure to carry out sophisticated attacks.


Brand Impersonation

So far, in 2022, brand impersonation has remained another top threat to individuals and businesses worldwide. In Q1, Linkedin and Microsoft were among the top brands impersonated during phishing campaigns. Malicious actors leverage social and professional networking platforms such as LinkedIn and WhatsApp and tech giants like Google and Microsoft to lure victims into revealing their credentials.

Users receive seemingly authentic emails that deceive them and subsequently make them click on malicious links. These links open to fake URLs where users are required to enter credentials that they expose to the malicious actors behind them. These orchestrated phishing campaigns occur on a large scale to get maximum victims to divulge their login credentials and confidential and sensitive information.


Cybersecurity Best Practices For Phishing Protection

Phishing emails can be difficult to mitigate and prevent and can lead to huge losses for organizations if overlooked. Hence, organizations and individuals must establish and follow certain security practices to fight against the threat, as listed below.

  • To counter social media phishing attacks, organizations must control the use of personal devices by staff for office work.
  • Today’s advanced phishing emails are clever enough to evade detection by humans and systems with a lax cybersecurity approach. Therefore, one cannot overemphasize the importance of corporate and individual cybersecurity training and education to reduce vulnerabilities within the organization.
  • One can spot a phishing email by checking for unusual or inconsistent content. Before clicking on links or opening attachments from unknown senders, a user must take due diligence. One must act upon any email asking for confidential or financial information only after verifying its authenticity. Individuals must check the SSL certificates of the URLs they visit.
  • Organizations must deploy a robust email security infrastructure, including SPF, DKIM, and DMARC records, and targeted threat protection. They must ensure that their email configurations are effective and that all security gaps are bridged.
  • Businesses must also adopt anti-phishing solutions to protect individuals and organizations from spear phishing.
  • Phishing simulators to test the efficacy of the cybersecurity framework and staff awareness must also be introduced by organizations as part of anti-phishing training.


Final Words

In the age of technological breakthroughs and disruptive innovations, cyber threats, such as phishing, are also sophisticated, raising serious challenges for organizations. However, the right research, solutions, and awareness will allow security administrators and individuals to make the right decisions to protect their information networks. So far, the phishing trends of 2022 appear as if they will continue in the coming quarters. Therefore, organizations should proactively deploy adequate resources, safeguards, and anti-phishing tools to keep their operations unaffected by such attacks. Furthermore, threats like phishing call for organizations to adopt a proactive approach towards threats rather than a reactive one to stay ahead of the curve.