Social Engineering Threats Rose 270% in 2021 – Indicating a Shift to Multi-Channel Phishing Attacks as Apps and Browsers Move to the Cloud

Humans are the most vulnerable cybersecurity entry points into an organization. By moving completely to the cloud, apps and browsers are all humans need to communicate with work, family, and friends. In the Human Hacking report recently published by SlashNext Threat Labs, data shows phishing attacks rose 51% over 2020 (a record-breaking year), and 59% were credential stealing. 

As human interaction has largely moved to the cloud, cybercriminals are taking advantage of this by attacking outside of email and looking to less secure channels like SMS text, social media, gaming, collaboration tools, and search apps. Social engineering is the cybercriminal’s preferred method of hacking humans, as demonstrated in the 270% increase in social engineering threats found by SlashNext in 2021. There were many contributing factors to the increase, including one million malicious URLs in July during the Tokyo Olympics found on all digital channels, including apps and browsers.

DevOps Experience

The other contributing factor to the spike in social engineering is the 2021 LinkedIn data breach. The two data breaches at LinkedIn resulted in over one billion records being sold on the Darkweb, available to cybercriminals to increase spear-phishing efforts towards high-value targets. Cybercriminals are using these attacks to gain access to corporate data, which leads to 91% of all successful cyber breaches – including ransomware attacks, data theft, and over $30 billion of financial fraud.  

Another trend revealed in the report is the increase in phishing on legitimate hosting infrastructure. Of the more than 14 million malicious URLs SlashNext identified in 2021, 2.5 million were spear-phishing hosted on legitimate infrastructures like AWS, Azure,, and What is attractive about using legitimate infrastructure is the opportunity for cybercriminals to easily evade current detection technologies like secure email gateways, firewalls, and proxy.

The shifting phishing landscape, combined with cybercriminals’ access to automation, data, and intelligence, has quickly made human hacking the number one cyber threat. Previous security strategies, including secure email gateways,…