Phishing attacks are on the rise: Egress' latest Phishing Threat Trends Report records a 28 percent surge in attacks during the second quarter of 2024. The increase stems from multiple factors, chiefly the evolution of technology and the sophistication with which cybercriminals now operate.

Speaking to BetaNews, Jack Chapman, Senior Vice President of Threat Intelligence at Egress, said that hackers are using a range of new AI-driven tools to generate email communications, craft malicious payloads, and produce deepfakes, all of which add to the complexity and effectiveness of phishing tactics. The threat landscape is being reshaped by the growing Crime as a Service (CaaS) ecosystem, in which professional services are readily available to hackers. These services cover everything from assembling phishing attacks to supplying ready-to-use toolkits designed to bypass traditional security measures such as Secure Email Gateways (SEGs).

Key findings from the report indicate a significant trend: from January 1 to August 31, 2024, 44 percent of phishing attacks were perpetrated through compromised accounts. This tactic enables attackers to sidestep authentication protocols and gain unrestricted access to a victim's networks and relationships, rendering the attack substantially more potent. Of these, 8 percent were traced back to accounts within the target organisation's supply chain.

The report further identified that hyperlinks, featured in 45 percent of the cases, were the most common form of malicious payload, followed by attachments at 23 percent. Notably, the emerging technique of "quishing," which utilises image-based phishing attempts to evade detection, has become entrenched as a prevalent threat, reflecting a sharp increase in usage over the past year.

The study also highlights the rise of commodity attacks—large-scale phishing campaigns characterised by high volumes of simultaneous attacks aimed at overwhelming security systems. During such campaigns, organisations can experience an average increase of 2,700 percent in phishing attempts, as attackers utilise volume and randomness in their communications to circumvent traditional detection methods.

Impersonation tactics have surged significantly, with a striking 89 percent of phishing emails now featuring impersonation, predominantly mirroring well-known brands. Adobe was identified as the most impersonated brand in the first half of 2024, along with other commonly targeted entities such as video conferencing platforms and delivery services. Notably, impersonating internal communications from an organisation—particularly from HR departments—also became a common strategy among cybercriminals.

To fortify against such phishing threats, organisations are advised to bolster their security measures and enhance employee awareness. Best practices include establishing clear communication protocols, especially for critical departments like HR and IT, and empowering employees to validate unexpected communications. Emphasis is also placed on organisations adopting multi-layered security strategies to evolve alongside the increasingly sophisticated tactics employed by cybercriminals.

As articulated by Chapman, the findings from the 2024 Phishing Threat Trends Report paint a daunting picture of a threat landscape marked by escalating complexity and the rampant adoption of advanced tools, including AI, by malicious actors. This evolution necessitates a proactive and adaptable approach to cybersecurity to mitigate the risks posed by phishing in what many analysts predict will be an even more challenging landscape in 2025 and beyond.

Source: Noah Wire Services