Cloud security company Zscaler has released the Zscaler ThreatLabz 2024 Phishing Report, which finds that AI-driven phishing attacks increased 60% in 2023 and that Australia was one of the most targeted countries.
The report’s data was based on two billion blocked phishing transactions across the Zscaler Zero Trust Exchange platform, between January and December 2023, where Australia is listed as one of the top 10 countries identified as the main origins of phishing attack.
“The potential of AI is reshaping the cyber threat landscape and redefining what is possible in the world of cyberattacks, particularly phishing scams. The findings show 29,427,987 phishing attempts in Australia alone, emphasising the widespread threat posed by this type of attack” said Eric Swift, ANZ Vice President at Zscaler. “Phishing remains a persistent threat, and with the emergence of new technologies, it is crucial organisations understand the best practices to protect against phishing threats. The findings show a proactive zero trust approach with advanced AI-powered capabilities is imperative to address evolving threats.”
Among the report’s ket findings are:
- Vishing (voice phishing) and deepfake phishing attacks are on the rise as attackers leverage generative AI to amplify social engineering tactics;
- Australia is within the top ten countries, alongside US, UK, India and Germany, targeted by phishing scams;
- Australia experienced a 479.3% surge in volume of phishing content;
- Manufacturing was the most targeted industry which experienced the highest volume of attacks in Australia, Korea, Malaysia, Singapore, and Taiwan; and
- ANZ Banking Group ranks 11th in the imitated brands of phishing attempts.
Australian manufacturers experienced the highest number of phishing attacks between January and December 2023, with 5,984,195 attacks recorded in the manufacturing sector and 5,776,337 attacks in the services sector. Following these sectors were industries such as technology, government, education, finance and insurance, retail, and wholesale sectors in the region.
In 2023, the United States (55.9%) emerged as the top country targeted by phishing scams, followed by the United Kingdom (5.6%) and India (3.9%). The high occurrence of phishing in the US is attributable to its advanced digital infrastructure, large population of internet-connected users and extensive use of online financial transactions. The majority of phishing attacks originated from the US, UK, and Russia, while Australia entered the top 10 due to a 479% year-over-year surge in the volume of phishing content hosted in the country.
The finance and insurance sector experienced the highest number of overall phishing attempts, amounting to a 393% increase in attacks from the previous year. Reliance on digital financial platforms provides ample opportunities for threat actors to carry out phishing campaigns and exploit vulnerabilities in this sector.
The manufacturing industry also experienced a significant uptick (31%) in phishing attacks from 2022 to 2023, underscoring the growing awareness of the industry’s vulnerability. As manufacturing processes become more reliant on digital systems and interconnected technologies like IoT/OT, the risk of exploitation by threat actors seeking unauthorised access or disruption also grows.
ThreatLabz researchers also identified enterprise brands such as Microsoft, OneDrive, Okta, Adobe and SharePoint as prime targets for impersonation due to their widespread usage and the value associated with acquiring user credentials for these platforms. ANZ Banking Group ranked eleventh among the top twenty enterprise brands imitated for phishing attacks.
Microsoft (43%) emerged as the top imitated enterprise brand in 2023, with its OneDrive (12%) and SharePoint (3%) platforms also ranking in the top five brands and serving as lucrative targets for cybercriminals aiming to exploit Microsoft’s vast user base.
You can read the full report here.
