August 16, 2022

Agari’s Cyber Intelligence Report for the second quarter of 2022 shows that the use of “hybrid vishing” has increased by a massive 625% since the first quarter of 2021. However, the report notes that phishing volume has increased by 6% compared to the first quarter of 2022.

Vishing, also known as “voice phishing.” This type of attack is carried out using automated text-to-speech systems, which induce a victim to call a number controlled by the attack.

“Hybrid Vishing attacks reached a six-quarter high in Q2, increasing 625% from Q1 2021. This threat type also contributed to 24.6% of the overall share of Response-Based threats. While this is the second quarter hybrid vishing attacks have declined in share due to the overall increase of response-based threats, vishing volume has steadily increased in count over the course of the year,” the Agari report states.

Vishing, also known as callback phishing attacks, was first introduced as part of the “BazarCall / BazaCall” campaign, which was launched in March 2021 and was used to gain first access to corporate networks for ransomware attacks.

Other notable trends in the report include an increased targeting of telecommunication service providers, but financial organisations remain the most targeted sector.

The detection evading tactic of using compromised websites to spread phishing messages is still widespread, with analysts seeing growth of 6.7% compared to the last quarter.

The sources for this piece include an article in BleepingComputer.