The volume of phishing-based cyberattacks rose by 29 percent in 2021 over prior-year levels and was driven in part by an increase in phishing-as-a-service schemes, according to new research from cloud security services provider Zscaler and its ThreatLabz research operation.

The full-year 2021 phishing attack data – and the whopping 873 million observed phishing attacks during that period – was derived from analysis by the ThreatLabz research team of data from more than 200 billion daily transactions, and 150 million daily blocked attacks observed in the Zscaler cloud last year.

Among industry groups, the retail and wholesale sectors were among the hardest hit with attack attempts, and both saw a four-fold increase in phishing attacks in 2021. Organizations in the U.S., Singapore, Germany, Netherlands, and the United Kingdom were most frequently targeted.

Helping to drive the phishing attack rate higher was the adoption of phishing-as-a-service, which Zscaler said “provides a marketplace of pre-built attack tools that reduce technical barriers to entry for criminals,” along with an uptick in emerging phishing vectors such as SMS-based phishing.

“Phishing attacks are impacting businesses and consumers with alarming frequency, complexity, and scope – with the rise in phishing-as-a-service making it easier than ever for non-sophisticated actors to launch successful attacks,” commented Deepen Desai, Zscaler’s chief information security officer and VP of Security Research.

Zero Trust Defense

To blunt the impact of the rising rate of phishing attacks, Zscaler is recommending the implementation of phishing prevention controls “as part of a broader zero trust strategy that enables you to detect active breaches and minimize damages caused by successful breaches.”

It explained that the company’s Zscaler Zero Trust Exchange “is built on a holistic zero trust architecture to minimize the attack surface, prevent compromise, eliminate lateral movement, and stop data loss.”

“Consider the typical phishing attack chain: first, attackers perform reconnaissance to understand your assets and security controls,” the ThreatLabz report says. “Then, they compromise your system using a phishing attack method, after gaining access the attacker moves laterally to escalate privileges and carry out further attack objectives, such as spying on, stealing, or damaging valuable company resources.”

“Zero trust uses inspection and policy-driven conditional access to minimize the success of each of these steps and maximize resiliency,” the report says. “The Zscaler Zero Trust Exchange hides your attack surface, inspects and analyzes all traffic to prevent intrusion, keeps attackers from moving laterally, and stops sensitive data from leaving to command and control servers.”

“Zscaler also uses active defense strategies, deploying realistic decoy assets that lure attackers and alert security teams of ongoing malicious activity with high fidelity,” the report says.  “These multi-layered defenses disrupt every stage of the attack chain and help you quickly uncover and stop advanced threat actors before they can cause harm.”

“To defend against advanced phishing attacks, organizations must leverage a multi-pronged defensive strategy anchored on a cloud-native zero trust platform that unifies full SSL inspection with AI/ML-powered detection to stop the most sophisticated phishing attempts and phishing kits, lateral movement prevention, and integrated deception to limit the blast radius of a compromised user, proactive controls to block high-risk destinations such as newly registered domains that are often abused by threat actors, and in-line DLP to safeguard against data theft,” Desai emphasized.

Read More About
More Topics
John Curran
John Curran
John Curran is MeriTalk's Managing Editor covering the intersection of government and technology.