In The Human Factor Report 2022, security vendor Proofpoint found that SMS phishing (smishing) attacks more than doubled year-on-year in 2021. The report is based on their analysis of over 2.6 billion email messages, 49 billion URLs, 1.9 billion attachments, 28 million cloud accounts and 1.7 billion mobile messages.
The study details most common attack surfaces and methods including categories of risk, vulnerabilities, attacks, Russian Aligned APT’s, and Privilege as a vector.
- 50% – Managers and executives make up only 10% of users, but almost 50% of the most severe attack risk
- 100k – Attackers attempt to initiate more than 100,000 telephone-oriented attacks every day.
- Malicious URLS are 3-4x more common than malicious attachments.
- Smishing attempts more than doubled in the U.S. over the year, while in the U.K. over 50% of lures are themed around delivery notification.
- More than 20 million messages attempted to deliver malware linked to eventual ransomware attack
- Data loss prevention alerts have stabilized as businesses adopt permanent hybrid work models.
- 80% of businesses are attacked by a compromised supplier account in any given month.
- 35% of cloud tenants that received a suspicious login also saw suspicious post-access activity.