Australia has been named among the top 10 sources of phishing attacks, according to the 2024 Phishing Report by ThreatLabz, the embedded research team at cloud security firm Zscaler.
The report, which analysed data from two billion blocked phishing transactions on the Zscaler Zero Trust Exchange platform, provides insights into the changing landscape of phishing threats.
The Australian Competition and Consumer Commission’s (ACCC) Scamwatch service recorded nearly 109,000 reports of phishing scams in 2023, resulting in losses of AU$26.1 million. There was a notable 479.3% increase in the volume of phishing content hosted within Australia.
The manufacturing industry in Australia was the hardest hit, with 5,984,195 phishing attacks from January to December 2023. The services industry was next, experiencing 5,776,337 attacks. Other sectors such as technology, government, education, finance and insurance, and retail and wholesale also reported high levels of phishing activity.
ThreatLabz’s report noted a global rise in AI-driven phishing attacks, which increased by nearly 60% year-over-year.
Attackers are increasingly using generative AI technologies, such as voice phishing (vishing) and deepfake phishing, to enhance their social engineering tactics.
The report found more than 29 million attempts of phishing in Australia, emphasising the urgent need for organisations to focus on cyber resilience.
“The findings show 29,427,987 attempts of phishing in Australia alone, emphasising the widespread threat posed by this type of attack. Phishing remains a persistent threat, and with the emergence of new technologies, it is crucial organisations understand the best practices to protect against phishing threats. The findings show a proactive zero trust approach with advanced AI-powered capabilities is imperative to address evolving threats,” said Eric Swift, area vice president, ANZ at Zscaler, as reported by Security Brief.
On a global scale, North America accounted for more than half of all phishing attacks, with the majority originating from the US, the UK, and Russia. Australia entered the top 10 due to the substantial increase in hosted phishing content. The US led with 55.9% of phishing attempts, followed by the UK at 5.6% and India at 3.9%.
The financial and insurance industries saw a nearly 400% rise in phishing attacks, attributed to the increased use of digital financial platforms. The manufacturing industry also experienced a 31% rise in phishing attacks.
ThreatLabz researchers further found that Microsoft continued to be the most impersonated brand in phishing attacks, with 43% of incidents involving the company. Microsoft’s OneDrive and SharePoint platforms were also among the top five brands exploited by cybercriminals.
The ANZ Banking Group was ranked 11th among the top 20 enterprise brands targeted in phishing attempts.
A recent study found that internal communication failures could significantly impact Australian companies’ cyber capabilities.
The “The State of Application Security in 2024” report gathered insights from a global pool of 1,300 chief information security officers (CISOs), including 100 from Australia. It also interviewed 10 chief executive officers (CEOs) and chief financial officers (CFOs) from major enterprises.
