Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
Date:
Sun, 10 Nov 2024 09:31:00 +0000
Description:
As phishing evolves, new tactics such as HTML smuggling and AI-driven personalization are making attacks harder to detect.
FULL STORY ======================================================================Phishing
attacks are becoming more complex and harder to detect Attackers are using new techniques such as QR codes and deepfakes Some businesses are receiving
36 phishing emails per day
Phishing attacks are consistently on the rise and becoming more
sophisticated, as cybercriminals no longer rely solely on basic email
schemes, instead incorporating new tactics such as QR code phishing (quishing), AI -powered attacks, and multi-channel phishing to enhance their effectiveness.
A new Egress report has revealed phishing attacks spiked in the second
quarter of 2024, with a 28% rise in the number of phishing emails compared to the first quarter.
Phishing attacks are also becoming more sophisticated. Cybercriminals now use a variety of new tactics to bypass secure email gateways (SEGs) and native defenses like Microsoft 365s security features. In Q2 2024 alone, there was a 52.2% increase in phishing attacks that successfully bypassed SEG detection. Commodity attacks - a mass-produced threat
One type of phishing that has seen a notable increase in 2024 is commodity attacks. These are mass-produced, malicious campaigns that impersonate well-known brands on a large scale to trick users into clicking on fake promotions, images, or hyperlinks.
The report reveals that during these attacks, organizations experience a staggering 2,700% increase in phishing attempts, with organizations over the 2,000 employee mark would have to deal with over 1,128 phishing emails over
31 days, which is about 36 phishing emails per day. The sheer volume of these attacks can overwhelm many companies' security systems, making it
increasingly difficult to prevent every malicious email from reaching an employee's inbox.
One of the methods used to bypass SEG is HTML smuggling, where attackers hide malicious scripts inside HTML attachments. Once opened by the user, the
script assembles itself on the victims device, bypassing traditional signature-based detection. Another tactic involves embedding phishing links within seemingly legitimate documents or exploiting vulnerabilities in
trusted websites to host malware .
Businesses must now implement advanced security measures and foster a culture of awareness to better protect themselves against the growing threat of phishing.
Phishing attacks are increasingly using AI-powered tools to scale their operations. AI allows cybercriminals to automate and personalize phishing campaigns, making them more convincing and harder to detect. Deepfakes and AI-generated chatbots are now major tools of choice for cybercriminals.
These technologies allow attackers to impersonate trusted individuals or organizations, further increasing the likelihood of success. This year, there has been a significant rise in "payloadless" attacks which rely solely on social engineering rather than traditional malicious attachments or links, accounting for nearly 19% of phishing attempts in 2024, up from 5.4% in 2021.
Cybercriminals are also using multi-channel phishing tactics, allowing
hackers to target victims across multiple platforms such as email, SMS, and even collaboration platforms like Microsoft Teams. This multi-channel
approach has become more common in 2024, exploiting the relative lack of security on non-email platforms. You might also like New method for phishing discovered for Android and IPhone users Here's a list of the best firewalls today These are the best antivirus services right now
======================================================================
Link to news story:
https://www.techradar.com/pro/phishing-attacks-surge-in-2024-as-cybercriminals -adopt-ai-tools-and-multi-channel-tactics
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)