Phishing Attacks Increase in 2024 as Cybercriminals Adopt AI Tools and Multichannel Tactics
Commodity attacks overwhelm security systems, making more robust protection strategies necessary.
Phishing attacks are on the rise and becoming increasingly sophisticated, as cybercriminals have moved beyond simple email scams. They have begun to adopt more advanced tactics, including the use of QR codes for phishing (known as "quishing") and AI-driven attacks. According to a recent report by Egress, the second half of 2024 has seen a 28% increase in phishing attacks compared to the first quarter.
Cybercriminals have also found new ways to evade Secure Email Gateways (SEG) and native defenses, such as Microsoft 365's security features. In the second quarter of 2024, phishing attacks that managed to bypass SEG detection increased by 52.2%.
Among the new tactics is the "commodity" attack, where malicious campaigns are produced en masse and impersonate recognized brands. During these operations, organizations may experience an astonishing 2,700% increase in phishing attempts, resulting in approximately 36 phishing emails daily for companies with over 2,000 employees.
One technique used to evade SEG detection is "HTML smuggling," which involves hiding malicious scripts within HTML files. When the file is opened, the script assembles its payload on the victim's device, evading traditional signature-based detection. Attackers also embed phishing links in documents that appear legitimate or exploit vulnerabilities in trusted websites to host malware.
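A defender-side illustration of why structural inspection helps against the HTML smuggling described above: this added example (not from the Egress report or the original article) scores an HTML attachment on whether its inline script both decodes an embedded payload and prepares a local file save. The indicator names, the 200-character base64 threshold, the scoring rule and both samples are assumptions constructed for this sketch.

```python
import base64
import re
from html.parser import HTMLParser

# Heuristic indicators (assumed for this example, not a vendor rule set).
INDICATORS = {
    "decode": re.compile(r"\batob\s*\(|fromCharCode"),
    "blob": re.compile(r"new\s+Blob\s*\(|msSaveOrOpenBlob"),
    "object_url": re.compile(r"createObjectURL\s*\("),
    "download": re.compile(r"\.download\s*=|setAttribute\(\s*['\"]download"),
}
LONG_B64 = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")  # long encoded run in script

class ScriptCollector(HTMLParser):
    """Collects inline <script> bodies and notes any <a download> attribute."""
    def __init__(self):
        super().__init__()
        self.in_script, self.scripts, self.download_attr = False, [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        if tag == "a" and any(k == "download" for k, _ in attrs):
            self.download_attr = True
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.scripts.append(data)

def score_html(html):
    """Return which indicators fired and whether the combination is suspicious."""
    parser = ScriptCollector()
    parser.feed(html)
    js = "\n".join(parser.scripts)
    hits = {name for name, rx in INDICATORS.items() if rx.search(js)}
    if parser.download_attr:
        hits.add("download")
    if LONG_B64.search(js):
        hits.add("embedded_blob")
    # Flag only when payload assembly AND at least two file-save steps coexist.
    build = hits & {"decode", "embedded_blob"}
    save = hits & {"blob", "object_url", "download"}
    return {"suspicious": bool(build) and len(save) >= 2, "hits": sorted(hits)}

# Constructed samples: the encoded payload is harmless repeated text.
_PAYLOAD = base64.b64encode(b"constructed benign sample " * 12).decode()
SAMPLE_SMUGGLE = ('<html><body><script>var d = atob("%s"); var b = new Blob([d]);'
                  ' var a = document.createElement("a"); a.href = URL.createObjectURL(b);'
                  ' a.download = "invoice.txt";</script></body></html>' % _PAYLOAD)
SAMPLE_BENIGN = '<html><body><p>Report.</p><script>console.log("ok");</script></body></html>'
```

Requiring the combination rather than any single indicator keeps ordinary pages with a plain download link from being flagged; obfuscated scripts can still evade string matching, so this complements sandbox detonation rather than replacing it.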
To tackle these challenges, companies must adopt advanced security measures and foster a culture of awareness about these evolving cyber risks. AI-driven tools are enabling cybercriminals to automate and personalize their phishing campaigns, making them more persuasive and harder to identify. In this context, deepfakes and AI-generated chatbots have become popular tools among attackers.
An alarming trend in 2024 is the rise of "payload-less" attacks, which rely solely on social engineering and represent nearly 19% of all phishing attempts, a significant increase from 5.4% in 2021. Additionally, criminals have started using multichannel phishing tactics, allowing them to target victims across multiple channels such as email, SMS, and collaboration platforms like Microsoft Teams. This approach has gained more relevance in 2024, taking advantage of the relatively low security on non-email platforms.