May 2021 Saw a 440% Increase in Phishing

Around half of businesses (45.49%) and consumers (52.35%) on average saw at least one sustained additional infection in May 2021, according to the latest metrics from Webroot Brightcloud Mid Year Threat Report.

In May 2021, the report revealed a 440% increase in phishing, holding the record for the single largest phishing spike in a single month. It also showed that industries such as oil, gas and mining saw a 47% increase in the same six-month period, with manufacturing and wholesale traders seeing a 32% increase.  

The report extends its yearly threat intelligence report, with updated metrics between January 1 and June 30 2021. It also investigates the latest trends in malware, phishing and crypto exchanges.

The Mid Year Threat Report found that big brands continued to suffer from cyber extortion and ransomware. PayPal accounted for 1% of the top 200 phished brands but saw a 1,834% spike in May — showing that financial institutions are a top target.

Webroot Brightcloud also found that technology supply chains were under attack. The management of companies and the enterprise industry showed a significant increase in malware infections — 57% versus the global average.

“People aren’t learning from their cyber mistakes, and more concerning, they aren’t equipped with knowledge on how to prevent repeat mistakes,” says Grayson Milbourne, security intelligence director at Webroot. “Organizations must take ownership of the issue and do all they can in leading their people to improve security awareness, knowledge and habits.”

The report also found that phishing attacks are increasingly targeting crypto exchanges and wallets. Observations by Webroot found that there was a 75% increase in Coinbase phishing pages using HTTPS immediately after Coinbase’s IPO.

It also found that crytojacking also remained active, but had declined since March 2020, says the report. This was due to the end of several crypto mining operations such as Minr, XMROmine and JSECoin. Webroot also found that cryptojacking activity saw a decline of 39% by the end of June 2021.

“Cryptocurrency is like leaving behind digital breadcrumbs on blockchain, and while cryptojacking in the browser is dead, crypto mining using applications is still very profitable and might yield a higher reward over time than a ransomware demand,” explains David Dufour, vice president of engineering at Webroot.

What’s Hot on Infosecurity Magazine?