A 58% Increase in Phishing Attacks in the Year of AI

Over the past year, the sophistication levels of phishing threats have seen an unprecedented rise, fuelled by the widespread usage of generative AI tools. The evolving AI technology is revolutionising the traditional phishing threat scenario by changing the-working methods of cybercriminals. It has newly enabled even beginners to conduct sophisticated and believable phishing attacks. This shift allows inexperienced cybercriminals to execute convincing, personalized scams with relative ease. Consequently, organizations are facing a slew of fresh challenges for protecting their data and systems against the increasing surge of phishing onslaughts.

The team at Zscaler ThreatLabz has published the 2024 Phishing Report in response. The report examines more than 2 billion phishing transactions from 2023, discovered within the Zscaler cloud. It serves to provide organizations with comprehensive insights into the rapidly changing phishing scenario. The report not only highlights the active phishing campaigns but also divulges novel schemes. It identifies the major targets by region, imitated brand, industry, and more. The findings of the ThreatLabz phishing underscore the necessity of constant vigilance and adopting zero-trust security approaches. The advice presented in the report aims at assisting organizations in fortifying their defenses against the developing phishing techniques.

Download the Zscaler ThreatLabz 2024 Phishing Report to access the requisite knowledge for pre-emptively tackling the surging tide of new phishing threats.

The subsequent findings are a selection of key phishing trend discoveries that reveal the evolution of phishing methods.

Uncover additional insights into each of these discoveries and more in the report.

Undeniably, GenAI has significantly increased productivity within businesses. However, a concerning reality lies on the other side of this transformation: AI is enabling less experienced perpetrators to become highly skilled in social engineering and complex phishing attacks. By personalizing and automating various aspects of the attack procedure, AI not only accelerates phishing attacks but also makes them more advanced and harder to identify.

The boundaries between genuine and fraudulent content have become blurry due to AI, making it increasingly tough to differentiate phishing schemes from legitimate digital communications and websites. In tracking phishing trends throughout 2023, researchers at ThreatLabz have noticed several advanced AI tactics, including a rise in vishing and deepfake phishing. These tactics, becoming more favoured by social engineers, employ AI-based impersonation tools.

Advanced vishing campaigns are becoming more widespread globally, often leading to substantial financial damage. ThreatLabz successfully stopped a significant incident in the summer of 2023 where phishing attackers used AI technology for a vishing attack, impersonating the Zscaler CEO, Jay Chaudhry. The report’s detailed account serves as a vital reminder for employees and companies to maintain vigilance against vishing scammers. A continued upswing in targeted voice phishing campaigns led by groups like Scattered Spider is expected by ThreatLabz in the coming year. As these campaigns aim to obtain employee login details, organizations must strengthen their phishing defenses to avert unauthorized exploitation and access.

Phishing attacks involving deepfakes may be among the most problematic AI-driven cyber threats. Threat actors now have the ability to create video content that perfectly replicates voices, faces, and behavior. This manipulation has alarmingly already been seen, for instance, in the electoral process, where deepfake videos fabricate false narratives or statements from political figures. These videos can distribute misinformation, manipulate public opinion and undermine faith in the electoral process. As society becomes more dependent on digital communication and media, the potential political and personal implications of deepfake scams will likely extend beyond current applications. From financial scams to corporate espionage, the use of deepfake technology presents a significant risk to society, individuals, and organizations.

Furthermore, ThreatLabz have noticed an increase in QR code scams, recruitment scams, browser-in-the-browser (BitB) attacks, and adversary-in-the-middle (AiTM) attacks. You can read about each of these schemes in their report.

Given the alarming threat landscape revealed by this year’s report, how can companies safeguard against emerging phishing threats? A definitive answer lies within the establishment of a zero trust architecture base. Adapting security tactics to counter contemporary phishing tendencies and reduce related risks is vital—zero trust is a certified strategy.

The Zscaler ThreatLabz 2024 Phishing Report provides critical guidance towards this objective, including:

Download your copy of the Zscaler ThreatLabz 2024 Phishing Report today. Phishing assaults will continue and remain a widespread danger to companies. By grasping the latest phishing trends, evaluating the linked risks, and acknowledging the implications of AI-driven assaults, your company will be better poised to defend against phishing in 2024 and beyond.

Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Article

The Top 5 Essentials for Your Next DSPM Solution

Next Article

Integration of Microsoft's Copilot AI into Games like Minecraft

Related Posts