APWG 1Q 2022: Phishing Reaches Record High; APWG Observes One Million Attacks Within the Quarter – For the First Time – in the First Quarter of 2022

Retreat of Cybercrime Gangs Reduces Ransomware Propagation by 25 Percent in 1Q 2022

CAMBRIDGE, Mass.—The APWG’s new Phishing Activity Trends Report reveals that in the first quarter of 2022 the APWG observed 1,025,968 total phishing attacks—the worst quarter for phishing that APWG has observed to date. This quarter was the first time the three-month total has exceeded one million. APWG saw 384,291 attacks in March 2022, which was a record monthly total.

The full text of the report is available here: http://docs.apwg.org/reports/apwg_trends_report_q1_2022.pdf

In the first quarter of 2022, APWG founding member OpSec Security reported that phishing attacks against the financial sector, which includes banks, remained the largest set of attacks, accounting for 23.6 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well, while attacks against retail/ecommerce sites fell from 17.3 to 14.6 percent after the holiday shopping season. Phishing against social media services rose markedly, from 8.5 percent of all attacks in 4Q2021 to 12.5 percent in 1Q2022. Phishing against cryptocurrency targets—such as cryptocurrency exchanges and wallet providers—inched up from 6.5 in the previous quarter to 6.6 percent of attacks.

John Wilson, Senior Fellow of Threat Research at APWG member HelpSystems, tracks the identity theft technique known as “business e-mail compromise” (BEC). Wilson noted that “In the first quarter of 2022, 82 percent of Business Email Compromise messages were sent from free webmail accounts. Of those, 60 percent used Gmail.com. For the 18 percent of BEC messages sent from attacker-controlled domains, NameCheap was the most popular registrar.

“One third of all maliciously registered domains used for BEC attacks were registered via NameCheap,” Wilson pointed out.

APWG member PhishLabs by HelpSystems analyzes malicious emails reported by corporate users. John LaCour, Principal Product Strategist at PhishLabs by HelpSystems, said that “In the first quarter of 2022, we observed a 7 percent increase in credential theft phishing against enterprise users, up to nearly 59 percent of all malicious emails.” LaCour also noted that impersonation attacks were 47 percent of social media threats, up from 27 percent the prior quarter.

“A lot of companies don’t realize that their executives are being spoofed on social media. This is a huge business risk,” said LaCour.

On another front, APWG member Abnormal Security documents the dangerous nature of ransomware for all kinds of companies. Abnormal Security found that the total number of ransomware attacks decreased by 25 percent in the first three months of 2022, falling to a level similar to what Abnormal observed in the third quarter of 2021. This decrease seems to be primarily caused by a big drop in attacks from two prolific cybercrime gangs, Pysa and Conti, known to develop and deploy ransomware at scale.

Hassold said that “The disappearance of Pysa and the significant drop in attack volume from Conti clearly had a substantial impact in the overall ransomware landscape in the first quarter of the year. This demonstrates the centralized nature of the ransomware landscape, meaning a relatively small number of groups are responsible for a majority of attacks. This also means that any actions taken against those groups (law enforcement disruption, infrastructure takedown, etc.) can have a noticeable impact on overall attack volume.

“This is very different from something like BEC, which is highly decentralized, where the removal of dozens or even hundreds of actors wouldn’t have that much of an overall impact on attack volume because there is no ‘head of the snake’ to go after,” Hassold said.

The top industries impacted by ransomware in Q4 2021 were manufacturing, business services, finance, and retail and wholesale firms, said Crane Hassold, Director of Threat Intelligence at Abnormal Security.

Founded in 2003, the Anti-Phishing Working Group (APWG) is a not-for-profit industry association focused on eliminating the identity theft and frauds that result from the growing problem of phishing, crimeware, and electronic messaging spoofing. Membership is open to financial institutions, online retailers, ISPs, solutions providers, the law enforcement community, government agencies, multilateral treaty organizations, and NGOs. There are more than 2,200 enterprises worldwide participating in the APWG.

Operationally, the APWG conducts its core missions through: APWG, a US-based 501(c)6 organization; the APWG.EU, the institution’s European chapter established in Barcelona in 2013 as a non-profit research foundation incorporated in Spain and managed by an independent board; the STOP. THINK. CONNECT. Messaging Convention, Inc., a US-based non-profit 501(c)3 corporation; and the APWG’s applied research secretariat <http://www.ecrimeresearch.org>.

APWG’s directors, managers and research fellows advise: national governments; global governance bodies such as the Commonwealth Parliamentary Association, Organisation for Economic Co-operation and Development, International Telecommunications Union and ICANN; hemispheric and global trade groups; and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe’s Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a founding member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations.

APWG’s clearinghouses for cybercrime-related machine event data send more than a billion data elements per month outbound to APWG’s members to inform security applications, forensic routines and research programs, helping to protect millions of software clients and devices worldwide. APWG Engineering continues to work with data correspondents worldwide to develop new data resources.

APWG’s STOP. THINK. CONNECT. cybersecurity awareness campaign has officially engaged campaign curators from 26 nations, 13 of which are currently deployed by cabinet-level government ministries and national-scope NGOs.

The annual APWG Symposium on Electronic Crime Research, proceedings of which are published by the IEEE, attracts scores of papers from leading scientific investigators worldwide. The conference, founded in 2006 by APWG, is the only peer-reviewed conference dedicated exclusively to cybercrime studies.

Media Contact: pr@apwg.org – Tel: +1 617 669 1123