Friday, November 15, 2024
HomeCyber AINew Phishing Attacks Using ChatGPT to Develop Sophisticated Campaigns

New Phishing Attacks Using ChatGPT to Develop Sophisticated Campaigns

Published on

Phishing has been one of the greatest threats to organizations, growing year after year. Phishing attacks have contributed to 90% of data breaches in the past few years, which makes cybercriminals adapt to them, making their attacks much more successful.

Zscaler has published a report indicating an increase of 47.2% in global phishing attacks. These include smishing (SMS), Vishing (VoIP), emails, Adversary-in-the-middle (AiTM, used to bypass Multi-factor authentication), and Phishing-as-a-Service (PaaS)-based attacks.

Since the COVID-19 pandemic, businesses have adapted to remote working, giving threat actors a much larger attack surface to conduct their criminal activities.

- Advertisement - SIEM as a Service

Due to business purposes, organizations have been using several communication methods like email, SMS, voice communications, etc., 

However, cybercriminals target and exploit every communication method, resulting in ransomware attacks or data breaches. As per reports, the most targeted industries are 

  1. Education (25.1%)
  2. Finance and insurance (16.6%)
  3. Government (13.8%)
  4. Other (10.5%)
  5. Health Care (8.9%)
  6. Manufacturing (8.8%)
  7. Retail Wholesale (6.4%)
  8. Services (5.7%)
  9. Technology communication (4.1%)

Compared to 2022, attacks on the education industry have increased by a massive amount of 576%, whereas retail and wholesale have dropped by 67% compared to 2021.

Zscaler stated that these attacks are based on analyzing 280 billion everyday transactions and 8 billion blocked attacks.

Other targets include Microsoft (41.4%), OneDrive (23.4%), Sharepoint (5.1%), Binance (crypto exchange, 23.4%), and other illegal streaming services (6.7%).

Imitated brands

The report also stated that these threat actors had used phishing kits and chatbot AI tools like ChatGPT. AI tools are being manipulated into creating sophisticated phishing campaigns cybercriminals use to bypass several security measures.

Zscaler reports suggesting organizations implement a Zero-Trust policy to verify every network, user, application, and device before they are authorized to access sensitive data.

Building Your Malware Defense Strategy – Download Free E-Book

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Critical TP-Link DHCP Vulnerability Let Attackers Execute Arbitary Code Remotely

A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious...

Chinese SilkSpecter Hackers Attacking Black Friday Shoppers

SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce...

Cybercriminals Launch SEO Poisoning Attack to Lure Shoppers to Fake Online Stores

The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to...

Black Basta Ransomware Leveraging Social Engineering For Malware Deployment

Black Basta, a prominent ransomware group, has rapidly gained notoriety since its emergence in...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Critical TP-Link DHCP Vulnerability Let Attackers Execute Arbitary Code Remotely

A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious...

Chinese SilkSpecter Hackers Attacking Black Friday Shoppers

SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce...

Cybercriminals Launch SEO Poisoning Attack to Lure Shoppers to Fake Online Stores

The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to...