Zscaler reports India has experienced the highest number of phishing attacks amongst Asia Pacific & Japan markets, accounting for 33% of phishing attempts in the region.
The Zscaler ThreatLabz 2024 Phishing Report has analyzed 2 billion blocked phishing transactions across the Zscaler Zero Trust Exchange platform, between January and December 2023. The data revealed a year-over-year increase of nearly 60% in global phishing attacks, fueled in part by the proliferation of generative AI-driven schemes such as voice phishing (vishing) and deepfake phishing.
This year’s report includes actionable insights on phishing activity and tactics, along with offering best practices and strategies to enhance an organization’s security posture to prevent and minimize related threats. It explored hosting countries for phishing content, distribution of company types based on server IP addresses, and the top referrers linked to these phishing attacks.
“In addition, enterprises across India are also exercising cyber vigilance and doubling down on their zero trust strategies to ensure their organization is well protected against emerging threats.”
Sudip Banerjee, CTO, Asia Pacific & Japan, Zscaler
“Phishing remains a persistent and often underestimated threat within the cybersecurity landscape, growing more sophisticated as threat actors harness cutting-edge advancements in generative AI and manipulate trusted platforms to intensify attacks. These findings emphasize the need for organizations to adopt a proactive layered approach that integrates a robust zero trust architecture with advanced AI-powered phishing prevention controls to effectively counteract these evolving threats,” said Deepen Desai, CSO and Head of Security Research.
In 2023, the United States (55.9%), United Kingdom (5.6%) and India (3.9%) emerged as the top countries targeted by phishing scams. India experienced over 79 million phishing attacks, ranking as the third highest volume of phishing attempts recorded in the Zscaler cloud in 2023 (following the U.S. at 1.1 billion and the U.K. at 112.9 million). Moreover, it stands out as the most targeted country in the APJ region for phishing attempts, accounting for 33.12% of the total phishing attacks in the region.
“ThreatLabz researchers identified enterprise brands such as Microsoft, OneDrive, Okta, Adobe, and SharePoint as prime targets for impersonation due to their widespread usage and the value associated with acquiring user credentials for these platforms.”
Deepen Desai, CSO and Head of Security Research, Zscaler
“As threat actors find new malicious means to extract and steal user data, steps are being taken by the Indian government, such as the implementation of Digital Personal Data Protection Act, to help circumvent the proliferation of such attack vectors. In addition, enterprises across India are also exercising cyber vigilance and doubling down on their zero trust strategies to ensure their organization is well protected against emerging threats,” shared Sudip Banerjee, CTO, Asia Pacific & Japan, Zscaler.
The finance and insurance sector experienced the highest number of overall phishing attempts, amounting to a 393% increase of attacks globally from the previous year. Whereas in India, the technology sector saw the highest volume of attacks, accounting for almost 33% of the phishing attacks observed in the country. Meanwhile, the manufacturing sector experienced the highest attacks in Australia, Korea, Malaysia, Singapore and Taiwan while the services sector was the top-targeted industry in Japan and Hong Kong.
Microsoft (43%) emerged as the top imitated enterprise brand in 2023, with its OneDrive (12%) and SharePoint (3%) platforms also ranking in the top five—serving as lucrative targets for cybercriminals aiming to exploit Microsoft’s vast user base. Report also shared that the organizations can implement a Zero Trust architecture with advanced AI-powered phishing prevention controls to effectively defend against the ever-evolving threat landscape highlighted in the report. The full Zscaler ThreatLabz 2024 Phishing Report gives a deeper dive into best practices for protecting organizations.
