Phishing attacks in December totaled 316,747, the highest monthly total ever recorded by Anti-Phishing Working Group, (APWG) since it began tracking the cybercrime in 2004. Overall, the number of phishing attacks has tripled from early 2020, when the APWG was observing between 68,000 and 94,000 attacks per month.
The APWG, which was founded in 2003, is an industry, law-enforcement, and government coalition focused on unifying the global response to electronic crime.
Financial institutions were the most frequently targeted companies during the fourth quarter, accounting for more than 23% of phishing attacks. Attacks against software-as-a-service/email providers accounted for more than 19% of attacks, followed by e-commerce/retail, which accounted for more than 17%, and payment providers, which suffered more than 9%. Phishing against cryptocurrency targets — such as exchanges and wallet providers—inched up, accounting for more than 6% of attacks.
The number of unique phishing sites, which are determined by the unique base URLs found in phishing emails reported to APWG’s repository, increased steadily throughout the fourth quarter of 2021, rising from 267,530 in October to 316,747 in December. Unique e-mail subjects, which use the subject line in an email to lure an unsuspecting consumer to open the message, also grew steadily during the quarter from 12,350 in October to 16,461 in December.
On the plus side, the number of brands attacked during the fourth quarter declined from a record 715 in September 2021 to 521 in December. The number of brands targeted for attack during the quarter peaked at 682 in November.
Ransomware attacks, which are often byproducts of phishing attacks, grew 36% from the third quarter to the fourth. From the beginning of 2020 through the end of 2021, 4,200 companies, organizations, and government institutions fell victim to a ransomware attack. Manufacturers were the most targeted companies, accounting for 20% of attacks, followed by retailers and wholesalers at 13%, business services at 12%, and construction at 8%.
“The overall distribution of ransomware victims indicates that ransomware attacks are industry-agnostic,” Crane Hassold, director of threat intelligence at Abnormal Security Corp., says in a prepared statement. Abnormal Security contributed data to the APWG’s fourth-quarter report.
“Like with other financially motivated cyber attacks, the focus of most ransomware attacks is more about the ability to quickly profit from the exploitation of a corporate network and less about the characteristics of the victim company itself,” says Hassold.
From a geographic standpoint, nearly half of all ransomware victims were located in the United States, followed by the United Kingdom, France, Canada, and Germany.
More than half of all ransomware attacks in the fourth quarter were linked to just three cybercrime groups: LockBit, Conti, and Pysa, according to the APWG report. These criminal organizations often provide “ransomware as a service,” supplying tools to individual affiliates.
“Sometimes the members or affiliates of a group divide up the work involved in attacks, and the leadership of a group may approve the selection of targets,” Hassold says “Abnormal Security has seen that whenever an important group has exited the scene, one or more new groups enters. The silver lining to this top-heavy ecosystem is that disruptive actions against one of these primary groups, such as law-enforcement takedowns, can have a significant impact on the overall landscape.”