The Phishing Threat Landscape Evolves


Phishing is on the rise. Our latest Phishing Threat Trends Report shows a 28% surge in attacks in the second quarter of 2024 alone. But what’s behind the increase? There are a few factors in play. Like any other form of threat, phishing is becoming more sophisticated, with hackers now having access to a variety of new AI-powered tools to generate email messages, payloads, and even deepfakes.

Further, these technologies and the cyberattacks they can create are now easier to access than ever, especially as more hackers tap into the professional services on offer from a mature and diverse Crime as a Service (CaaS) ecosystem. Its providers sell everything from the mechanisms to create attacks to pre-packaged phishing toolkits that promise to evade native defences and secure email gateways (SEGs).

For example, threat actors can use AI in every aspect of phishing – from speeding up intelligence gathering on potential targets, to creating and automating the sending of highly personalised attacks. AI improves the speed and scale of attack creation, making it easier for even relatively inexperienced cybercriminals to launch sophisticated campaigns. As access to AI-powered tools opens up, deepfakes are also becoming more common. Here, attackers are targeting multiple channels to bypass security measures, such as beginning with phishing emails containing a link to a video meeting featuring a deepfake.

Key trends from 2024

Between 1st January and 31st August, 44% of attacks were sent from compromised accounts, enabling cybercriminals to bypass authentication protocols. Specifically, 8% of attacks originated from an account within an organisation’s supply chain. Compromised accounts allow attackers to bypass security measures and gain access to the victim’s existing relationships and target lists, making the attack more effective.

The most prevalent payloads were hyperlinks, found in 45% of cases, followed by attachments, which appeared in 23%. Following a sharp rise in the last 12 months, quishing is now firmly embedded in the threat landscape, with cybercriminals using these image-based attacks to elude detection by native security software and SEGs.

Commodity attacks

Attackers don’t only rely on new tools and payloads to increase their phishing success rates; they also rely on a range of tactics when targeting organisations. Commodity attacks are one such tactic that is currently rising in popularity. These are large-scale phishing campaigns where the hacker sends a significantly high volume of attacks in a single wave. Often sent to email addresses linked to a public data breach, the goal is to overwhelm the security team and the recipients, either so mistakes are made or so that one or two targeted and damaging spear phishing attacks are less likely to be spotted.

During a commodity campaign, on average organisations experience a staggering 2,700% increase in phishing attacks compared to their normal baseline. We also found that these attacks are primarily image-based, with 51.1% featuring a single image. Almost two-thirds include hyperlinks (72.3%) and randomise elements like links and display names to evade detection by traditional signature-based and reputation-based security.

Impersonation attacks

A staggering 89% of phishing emails now involve impersonation, with Adobe being the most impersonated brand between 1st January and 31st August 2024. It is also common to see emails impersonating phone or video conferencing providers, such as Zoom, and delivery services like UPS or DPD, which draw users in with ‘missed voicemail’ or ‘missed delivery’ campaigns.

The next most common impersonation attacks involve posing as the recipient’s company, accounting for 16% of these phishing emails. HR is the most frequently impersonated department for these types of attacks. Additionally, cybercriminals can use LinkedIn, company websites, and even news announcements to identify new hires at target organisations, which they then leverage to launch impersonation and social engineering attacks against them. New employees are the most targeted individuals for phishing emails impersonating VIPs, as part of CEO fraud attacks.

Protecting the organisation from phishing attacks

There are measures that organisations must take to enhance their defences against the evolving phishing threat landscape and better protect themselves and their employees.

There are some best practices to strengthen the human firewall. It’s important to understand and communicate what normal looks like for brands and suppliers as a first step to detecting impersonation. Organisations should also look to standardise and validate communication channels, especially for roles like HR and IT. Additionally, organisations should assess their vulnerability to supply chain and vendor-based compromises.

It’s key to empower employees to validate communications. Normalise employees saying, ‘let me call you back on the number I have for you on record’ to ensure the person with whom they are interacting is genuine.

Cybercriminals are engineering their attacks to evade the detection used by email platforms and SEGs. So, it’s time for organisations to level up their technical defences. While cybercriminals are deploying AI for malicious purposes, the technology can also be leveraged to understand normal communication patterns and behaviour for individuals and organisations to better detect anomalies and prevent phishing.

Our latest Phishing Threat Trends Report offers a sobering glance into the multifaceted world of phishing strategies in 2024, which will only grow more complex in 2025 and beyond. It reveals a clear escalation in attack sophistication on a larger scale, leveraging more tools and innovative technologies, like AI, that make it more difficult for legacy technologies and people to spot an attack. Companies must adapt their security approach and implement a multi-layered strategy to evolve quicker than the attackers.