Zscaler Research Finds 60% Increase in AI-Driven Phishing Attacks - Seite 2
Canada (2.9%) and Germany (2.8%) rounded out the top five countries that experienced the most phishing attempts. The majority of phishing attacks originated from the U.S., the U.K., and Russia, while Australia entered the top 10 due to a 479% year-over-year surge in the volume of phishing content hosted in the country.
Financial industry faces a nearly 400% increase in attacks
The finance and insurance sector experienced the highest number of overall phishing attempts, amounting to a 393% increase of attacks from the previous year. Reliance on digital financial platforms provides ample opportunities for threat actors to carry out phishing campaigns and exploit vulnerabilities in this sector.
The manufacturing industry also experienced a significant uptick (31%) in phishing attacks from 2022 to 2023, underscoring the growing awareness of the industry's vulnerability. As manufacturing processes become more reliant on digital systems and interconnected technologies like IoT/OT, the risk of exploitation by threat actors seeking unauthorized access or disruption also grows.
Microsoft remains the most impersonated brand used in phishing attacks
ThreatLabz researchers identified enterprise brands such as Microsoft, OneDrive, Okta, Adobe and SharePoint as prime targets for impersonation due to their widespread usage and the value associated with acquiring user credentials for these platforms.
Microsoft (43%) emerged as the top imitated enterprise brand in 2023, with its OneDrive (12%) and SharePoint (3%) platforms also ranking in the top five—serving as lucrative targets for cybercriminals aiming to exploit Microsoft’s vast user base.
Lesen Sie auch
How a Zero Trust architecture can mitigate phishing attacks
Organizations can implement a Zero Trust architecture with advanced AI-powered phishing prevention controls to effectively defend against the ever-evolving threat landscape highlighted in the report. The Zero Trust Exchange platform helps prevent conventional and AI-driven phishing attacks at multiple stages of the attack chain by:
- Preventing compromise: TLS/SSL inspection at scale, AI-powered browser isolation and policy-driven access controls prevent access to suspicious websites.
- Eliminating lateral movement: Users connect directly to applications, not the network, while AI-powered app segmentation limits the blast radius of a potential incident.
- Shutting down compromised users and insider threats: Inline inspection prevents private application exploit attempts, and integrated deception capabilities detect the most sophisticated attackers.
- Stopping data loss: Inspection of data in-motion and at-rest prevents potential theft by an active attacker.
For a deeper dive into best practices for protecting your organization and to download the full Zscaler ThreatLabz 2024 Phishing Report, visit http://www.zscaler.com/campaign/threatlabz-phishing-report.