Perception Point has observed a 356% growth in the number of advanced phishing attacks attempted by threat actors in 2022.

According to the company’s 2023 Annual Report: Cybersecurity Trends & Insights report, the total number of attacks increased by 87%.

Among the reasons behind this growth is the fact that malicious actors continue to gain widespread access to new tools, including artificial intelligence (AI) and machine learning (ML)-powered tools.

These have automated the process of generating sophisticated attacks, including those characterized by social engineering as well as evasion techniques. 

“As the global threat landscape continues to evolve, we are sharing vital data that portrays the meteoric rise in the number of attacks, combined with increasingly sophisticated attack techniques that are designed to breach and damage organizations,” said Perception Point CEO, Yoram Salinger.

Additionally, the report highlighted that the changing threat landscape has resulted from the swift adoption of new cloud collaboration apps, cloud storage and productivity services for external collaboration.

Threat actors have adapted to this shift, with 2022 experiencing a 161% surge in attacks on cloud storage and collaboration apps, though email and the browser remained the leading attack vectors.

Overall, phishing was the most pervasive threat, accounting for 67.4% of all attacks. Last year also experienced a significant increase in business email compromise (BEC) attacks, which grew by 83%. Microsoft was the brand most impersonated in malicious emails – 3.3x more than the next most copied brand, LinkedIn.

Phone scam attacks also experienced a substantial growth (363%).

When examining specific channels, the proportion of advanced attacks increased significantly. For instance, advanced attacks account for 31.9% of threats on file storage tools and 56.9% on Amazon S3 buckets.

Although advanced attacks make up only 2% of all threats, Perception Point said they are complex and can cause significant damage to organizations. 

“This report clarifies the need for organizations to be vigilant in protecting their people from modern threats across the multiple business and collaboration channels,” Salinger added, “augmenting or replacing traditional security systems with effective prevention and rapid remediation services when required.”

This article first appeared in Infosecurity Magazine on May 23, 2023, written by Alessandro Mascellino.