Social media as a threat channel saw a two-fold increase in attacks throughout 2021, according to the latest Quarterly Threat Trends & Intelligence Report from PhishLabs by HelpSystems. During the year PhishLabs analyzed hundreds of thousands of phishing and social media attacks targeting enterprises, their employees, and brands. The report provides an analysis of the latest findings and insights into key trends shaping the threat landscape.
According to the findings, the number of social media attacks per target increased 103 percent from January 2021, when enterprises were experiencing an average of just over one threat per day. In December, enterprises averaged over 68 attacks per month, or more than two per day.
“2021 was another record-setting year for social media as a threat channel. Threat actors use social media to commit fraud, impersonate brands and executives, and launch a variety of cyber threats, forcing security teams to monitor a variety of platforms for activity targeting their enterprise,” said John LaCour, Principal Strategist at HelpSystems. “Financial Institutions were the most actively targeted by threat actors since their services are often used broadly across several business sectors.”
Additional key findings in the report include:
- Hybrid Vishing (voice phishing) attacks initiated by email increased 554 percent in volume from Q1 to Q4.
- Phishing volume has grown 28 percent year-over-year, with half of all phishing sites observed in Q4 being staged using a free tool or service.
- Malware delivered via email nearly tripled in Q4, led by a resurgence in Qbot and ZLoader attacks.
- 70 percent of advertisements for stolen data took place on chat-based services and carding marketplaces in Q4.
- The percentage of attacks targeting financial institutions increased from 33.8 percent in Q1 to 61.3 percent of all phishing sites observed in Q4.