The latest phishing report from Zscaler ThreatLabz shows a 47.2% surge in phishing attacks in 2022 compared to the previous year, driven by cybercriminals using increasingly sophisticated techniques to launch large-scale attacks.
Education was the most targeted industry in 2022, with attacks increasing by 576%, while the retail and wholesale sector dropped by 67% from 2021.
Deepen Desai, Zscaler’s global CISO and head of security research, speaks to Security Weekly co-host Bill Brenner about key findings. He reports that:
- Ransomware’s impact is most acute in the United States, the target for nearly half of ransomware campaigns over the last year.
- Organizations in the arts, entertainment and recreation industry experienced the largest surge in ransomware attacks, with a growth rate over 430%.
- The manufacturing sector remains the most targeted industry vertical, accounting for nearly 15% of total ransomware attacks. It is followed by the services sector, which experienced approximately 12% of the total quantity of ransomware attacks last year.
- 25 new ransomware families were identified as using double extortion or encryption-less extortion attacks this year.
“Ransomware-as-a-Service has contributed to a steady rise in sophisticated ransomware attacks,” Desai says. “Ransomware authors are increasingly staying under the radar by launching encryption-less attacks which involve large volumes of data exfiltration.”
To counter this trend, Desai says organizations must move away from using legacy point products and, instead, migrate to a fully integrated zero trust platform that minimizes their attack surface, prevents compromise, reduces the blast radius in the event of a successful attack and prevents data exfiltration.
This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerbh to learn more about them!
The full interview is above. Notable points along the way:
00:00 - Zscaler's Deepen Desai discusses ransomware threat landscape
01:42 - Global ransomware attacks rise 38% in 2018
02:59 - Ransomware attacks start with phishing, gain access, steal data
04:05 - Defending against multi-stage ransomware attacks with zero-trust architecture
06:05 - Global targeted attacks: United States, Europe, India
07:07 - Best practices for protecting against multi-stage attacks
08:13 - Cloud native Zscaler security for remote users