Wednesday, September 18, 2024
HomeCyber AINew Phishing Attacks Using ChatGPT to Develop Sophisticated Campaigns

New Phishing Attacks Using ChatGPT to Develop Sophisticated Campaigns

Published on

Phishing has been one of the greatest threats to organizations, growing year after year. Phishing attacks have contributed to 90% of data breaches in the past few years, which makes cybercriminals adapt to them, making their attacks much more successful.

Zscaler has published a report indicating an increase of 47.2% in global phishing attacks. These include smishing (SMS), Vishing (VoIP), emails, Adversary-in-the-middle (AiTM, used to bypass Multi-factor authentication), and Phishing-as-a-Service (PaaS)-based attacks.

Since the COVID-19 pandemic, businesses have adapted to remote working, giving threat actors a much larger attack surface to conduct their criminal activities.

- Advertisement - EHA

Due to business purposes, organizations have been using several communication methods like email, SMS, voice communications, etc., 

However, cybercriminals target and exploit every communication method, resulting in ransomware attacks or data breaches. As per reports, the most targeted industries are 

  1. Education (25.1%)
  2. Finance and insurance (16.6%)
  3. Government (13.8%)
  4. Other (10.5%)
  5. Health Care (8.9%)
  6. Manufacturing (8.8%)
  7. Retail Wholesale (6.4%)
  8. Services (5.7%)
  9. Technology communication (4.1%)

Compared to 2022, attacks on the education industry have increased by a massive amount of 576%, whereas retail and wholesale have dropped by 67% compared to 2021.

Zscaler stated that these attacks are based on analyzing 280 billion everyday transactions and 8 billion blocked attacks.

Other targets include Microsoft (41.4%), OneDrive (23.4%), Sharepoint (5.1%), Binance (crypto exchange, 23.4%), and other illegal streaming services (6.7%).

Imitated brands

The report also stated that these threat actors had used phishing kits and chatbot AI tools like ChatGPT. AI tools are being manipulated into creating sophisticated phishing campaigns cybercriminals use to bypass several security measures.

Zscaler reports suggesting organizations implement a Zero-Trust policy to verify every network, user, application, and device before they are authorized to access sensitive data.

Building Your Malware Defense Strategy – Download Free E-Book

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Microsoft Windows Kernel Vulnerability Exploited in the Wild

Microsoft has confirmed the exploitation of a Windows Kernel vulnerability, identified as CVE-2024-37985, in...

Discord Announces End-to-End Encryption for Audio & Video Chats

Discord has introduced end-to-end encryption (E2EE) for audio and video chats.Known as the...

Threat Actor Allegedly Selling Bharat Petroleum Database

A threat actor has allegedly put up for sale a database belonging to Bharat...

Chrome 129 Released with Fix for Multiple Security Vulnerabilities

The Chrome team has officially announced the release of Chrome 129, which is now...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Microsoft Windows Kernel Vulnerability Exploited in the Wild

Microsoft has confirmed the exploitation of a Windows Kernel vulnerability, identified as CVE-2024-37985, in...

Discord Announces End-to-End Encryption for Audio & Video Chats

Discord has introduced end-to-end encryption (E2EE) for audio and video chats.Known as the...

Threat Actor Allegedly Selling Bharat Petroleum Database

A threat actor has allegedly put up for sale a database belonging to Bharat...