- Phishing attacks are increasingly complex and difficult to detect
- Attackers use new techniques such as QR codes and deepfakes
- Some companies receive 36 phishing emails a day
Phishing attacks are constantly increasing and becoming more sophisticated: cybercriminals no longer rely solely on basic email schemes, but instead incorporate new tactics such as QR code phishing (quishing), AI-powered attacks and multi-channel phishing to improve their effectiveness.
A new report from Egress revealed that phishing attacks increased in the second quarter of 2024, with a 28% increase in the number of phishing emails compared to the first quarter.
Phishing attacks are also becoming more sophisticated. Cybercriminals are now using a variety of new tactics to bypass secure email gateways (SEGs) and native defenses like Microsoft 365 security features. In Q2 2024 alone, there was a 52.2% increase in phishing attacks that managed to bypass SEG detection.
Commodity attacks: a mass-produced threat
One type of phishing that has seen a notable increase in 2024 is commodity attacks. These are mass-produced malicious campaigns that impersonate well-known brands on a large scale to trick users into clicking on fake promotions, images or hyperlinks.
The report reveals that during these attacks, organizations experience a staggering 2,700% increase in phishing attempts, and organizations with more than 2,000 employees would have to deal with more than 1,128 phishing emails over 31 days, which is equivalent to approximately 36 phishing emails per day. The sheer volume of these attacks can overwhelm many companies' security systems, making it increasingly difficult to prevent every malicious email from reaching an employee's inbox.
One of the methods used to bypass SEGs is HTML smuggling, where attackers hide malicious scripts within HTML attachments. Once opened by the user, the script is assembled on the victim's device, bypassing traditional signature-based detection. Another tactic is to embed phishing links in seemingly legitimate documents or exploit vulnerabilities in trusted websites to host malware.
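Because an HTML-smuggling attachment builds its file in the browser, a gateway can look for the assembly logic itself rather than a payload signature. The following is an added example, not code from the Egress report or from this article: a heuristic that flags an HTML attachment only when its inline scripts decode data, build a binary object and hand it to the user. The stage names, indicator list and sample strings are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic indicators, grouped by the stage of in-browser assembly they suggest.
STAGES = {
    "decode": re.compile(r"\batob\s*\(|String\.fromCharCode"),
    "assemble": re.compile(r"new\s+Blob\s*\(|new\s+Uint8Array\s*\("),
    "deliver": re.compile(r"createObjectURL\s*\(|msSaveOrOpenBlob|\.download\s*="),
}

class ScriptCollector(HTMLParser):
    """Collects inline <script> bodies and notes any <a download> element."""
    def __init__(self):
        super().__init__()
        self.scripts, self.in_script, self.download_anchor = [], False, False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        elif tag == "a" and "download" in dict(attrs):
            self.download_anchor = True
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
            self.scripts.append("\n")  # keep separate scripts from running together
    def handle_data(self, data):
        if self.in_script:
            self.scripts.append(data)

def smuggling_stages(html_text):
    """Return the set of assembly stages seen in the attachment's inline scripts."""
    parser = ScriptCollector()
    parser.feed(html_text)
    parser.close()
    code = "".join(parser.scripts)
    found = {name for name, rx in STAGES.items() if rx.search(code)}
    if parser.download_anchor:
        found.add("deliver")
    return found

def is_suspicious(html_text):
    """Flag only when decode, assemble and deliver all appear in one attachment."""
    return set(STAGES) <= smuggling_stages(html_text)

# Constructed samples: a harmless fragment touching all three stages, and a plain page.
SAMPLE_FLAGGED = ('<script>var d = atob("aGVsbG8="); var b = new Blob([d]);'
                  ' var u = URL.createObjectURL(b);</script>')
SAMPLE_CLEAN = '<p>Invoice attached.</p><script>document.title = "Invoice";</script>'

if __name__ == "__main__":
    print(is_suspicious(SAMPLE_FLAGGED), is_suspicious(SAMPLE_CLEAN))
```

This is a static check on the markup as delivered, so it is best used as one scoring signal alongside attachment-type policy and sandboxed rendering, since obfuscated script text will not match the plain-text indicators.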
Companies must now implement advanced security measures and foster a culture of awareness to better protect against the growing threat of phishing.
Phishing attacks are increasingly using AI-based tools to scale their operations. AI allows cybercriminals to automate and personalize phishing campaigns, making them more convincing and harder to detect. Deepfakes and AI-generated chatbots are now the main tools of choice for cybercriminals.
These technologies allow attackers to impersonate trusted people or organizations, further increasing the likelihood of success. This year, there has been a significant increase in “no payload” attacks that rely solely on social engineering rather than traditional malicious attachments or links, accounting for nearly 19% of phishing attempts in 2024, up from 5.4% in 2021.
Cybercriminals also use multi-channel phishing tactics, allowing hackers to attack victims through multiple platforms, such as email, SMS, and even collaboration platforms like Microsoft Teams. This multi-channel approach has become more common in 2024, taking advantage of the relative lack of security on platforms other than email.