Security News > 2024 > April > AI set to play key role in future phishing attacks
Social engineering has also increased, now representing 19% of phishing attacks and phishing emails are over three times longer than they were in 2021, likely due to the increase in use of generative AI. On the other hand, the use of attachment-based payloads has decreased since 2021; three years ago, these accounted for 72.7% of attacks detected by Egress, and by the first quarter of 2024, this had fallen to 35.7% as threat actors evolve their payloads to evade cybersecurity efforts.
Generative AI is also expected to increase attack success rate, including creating payloads such as malware, phishing websites and invoices for wire fraud attacks as cybercriminals look to streamline their processes and deliver more efficient campaigns at even swifter pace.
The report reveals that Millennials are the top targets for phishing attacks, receiving 37.5% of phishing emails.
The most targeted industries are finance, legal and healthcare, with people working in accounting and finance teams receiving the most phishing emails, followed by marketing and HR. Unsurprisingly, the most targeted job role is the CEO and 13.4% of phishing attacks impersonated someone the victim knew such as CEOs and senior leadership.
Utilizing a widely celebrated holiday to personalize phishing attacks has always been popular, but the rise of AI will lead to these being increasingly convincing.
"The one thing that won't change in 2024 is cybercriminals investing heavily in attacks that give them the highest rewards. Some tactics will stay the same, but where returns diminish or disappear entirely, new tactics will emerge. Looking at the trends explored in the latest report, we can say with certainty that AI-powered attacks are here to stay, and our Threat Intelligence team predicts AI will be used in some way in every phishing attack in the next 12 months, leading to lucrative paydays for cybercriminals," Chapman concluded.
News URL
https://www.helpnetsecurity.com/2024/04/24/2024-phishing-attacks-trends/
Related news
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- 20% of Generative AI ‘Jailbreak’ Attacks Succeed, With 90% Exposing Sensitive Data (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- From Misuse to Abuse: AI Risks and Attacks (source)
- AI and deepfakes fuel phishing scams, making detection harder (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)