Numbers and figures may provide the best guidance for predictions and strategies for a more resilient cybersecurity strategy. However, it is not always easy to find them when needed. 

With the hope of helping the community, in this live blog you can find an updated list of published reports about phishing and some significant numbers:

1- CTI Networking Report ( January)

Sharing cyberthreat intelligence is a practical element in fighting phishing. This research shows that practitioners trust peer-to-peer trust groups more.

Participation Trust groups, social media, and 1-to-1 have the most participation across the seven methods presented. The top methods showcase an interesting spread: from the most accessible and public to harder-to-access private groups to the most exclusive (and manual) form of 1-on-1 networking.

2- Proofpoint: State of the Phish 2022 (February)

3- Phishlabs’ Quarterly Threat Trends and Intelligence (May)

• Brand Impersonations are a convenient target for threat actors up 339% in one year.

• The average number of attacks per target is up 105% from Q1 2021 to Q2 2022.

• Qbot led the way for the second consecutive quarter with a re-emergence of Emotet.

• Attacks are up almost 550% in volume from Q1 2021.

• Financials continued to experience a majority of phishing attacks, accounting for 53.8% of all incidents.

• In Q1, nearly 52% of phishing sites were staged through compromised sites or by a threat actor registering a paid domain.

• Nearly 66% of all phishing sites observed in Q1 were staged using Legacy gTLDs.
• In Q1, malicious emails targeting user inboxes increased, after a minor dip in reports during Q4.

• Employee-reported emails classified as malicious have steadily grown since Q1 2021 and pose a significant threat to organizations.

• While most employee-reported emails are not classified as malicious, the identification and reporting of suspicious activity by a trained workforce is needed to prevent attacks that increasingly make it past email filters.

• While nearly 82% of reported emails were classified as No Threat Detected, messages that were considered Malicious or suspicious enough that interaction could be considered hazardous increased in share to represent 18.3% of reports.

4- The APWG’s Phishing Activity Trends Report (June)

• The APWG’s Phishing Activity Trends Report reveals that in the first quarter of 2022 there were 1,025,968 total phishing attacks—the worst quarter for phishing observed to date. This quarter was the first time the three-month total has exceeded one million. There were 384,291 attacks in March 2022, which was a record monthly total.

• Phishing against social media services rose markedly, from 8.5 percent of all attacks in 4Q 2021 to 12.5 percent in 1Q 2022. Phishing against cryptocurrency targets—such as cryptocurrency exchanges and wallet providers—inched up from 6.5 in the previous quarter to 6.6 percent of attacks.

• “In the first quarter of 2022, 82 percent of Business Email Compromise messages were sent from free webmail accounts. Of those, 60 percent used Gmail.com. For the 18 percent of BEC messages sent from attacker-controlled domains, NameCheap was the most popular registrar.

5- Phishing Landscape 2022: An Annual Study of the Scope and Distribution of Phishing (July)

• The study, which analyzes over 3 million phishing reports representing over 1.1 million phishing attacks, shows that phishing increased by 61% over the period 1 May 2021 through 30 April 2022.

• A small number of registrars dominate malicious domain registration in some TLDs. More than 80% of the malicious domains were registered in four TLDs through just one registrar.

• Phishers deliberately registered 69% of all domains—and 92% of new gTLD domains—on which phishing occurred. 58% of all reported phishing attacks were hosted on these maliciously registered phishing domains.

• Cryptocurrency phishing rose 257%. Nearly 80% of the gTLD domains reported for phishing were maliciously registered. Wallets were the most targeted brands.

6- Abnormal Security Threat Report (August)

• 150% year-over-year increase in business email compromise attacks

• 89% of large enterprises receive a financial supply chain compromise attack each week.

• 265 individual brands were impersonated in credential phishing attacks, with LinkedIn and Microsoft taking the lead.

• Believing their account has been compromised and/or they’re at risk of losing access, employees deliver sensitive information directly to the attackers.

• Over the first half of 2022, we saw 265 individual brands impersonated in phishing emails.

Social networks, Microsoft products, eCommerce, and shipping solutions were favored most by attackers, accounting for nearly 70% of all impersonated brands.

7- Cyber Information Sharing (October)

Conventional criminal justice efforts are failing to limit the risks of engaging in malicious online activity. In the US, the likelihood of successfully prosecuting a cybercrime is estimated at 0.05%, far below the 46% rate of prosecution for violent crime.