AI-powered generative tools have supercharged phishing threats, so even newbie attackers can effortlessly create refined, individualized campaigns.
Protecting data and systems from this democratization of phishing abilities gives a new challenge for the defenders.
Zscaler’s Phishing Report 2024 is based on an analysis of more than 2 billion phishing reports that occurred in 2023 and provides insights into future trends, current campaigns, prime targets within various regions/industries/brands as well as threat actors using AI.
This report demonstrates the need for constant alertness and zero trust security against an evolving phishing landscape, with examples reflecting how AI is now being used to enhance such activities.
Free Webinar | Mastering WAAP/WAF ROI Analysis | Book Your Spot
Phishing surged 58.2% in 2023 as threat actors leveraged AI for sophisticated social engineering like voice/deepfake phishing.
Adversary-in-the-middle and emerging browser-in-the-browser attacks persisted.
The top targeted countries were:-
Besides this, Finance and insurance faced 27.8% of attacks (a 393% year-over-year increase), the highest percentage across industries.
While Microsoft remained the most impersonated brand at 43.1% of phishing attempts. AI amplified reach and deception of phishing campaigns across multiple vectors.
However, there is a swap since, as it increases productivity, generative AI also serves as a two-edged sword by enabling even inexperienced threat actors to become the skilled social engineers that they are.
AI performs reconnaissance tasks automatically, personalizes email and communications to eliminate mistakes, and creates attractive phishing pages that are indistinguishable from genuine ones.
The report presented ChatGPT generating a login page for phishing within 10 prompts and includes warning signs to look out for.
Emerging sophisticated approaches include voice phishing (vishing) supported by AI and deepfake impersonation in the name of social engineering.
Phishing has grown worse due to generative AI because it allows quicker and more accurate attacks at multiple phases.
There is a global increase in the adoption of advanced AI-driven voice impersonation for vishing campaigns, which has caused great financial damage in some instances.
One of the biggest challenges related to AI cyber threats is deep fake phishing that perfectly copies facial appearances, voice,s and gestures.
The capability of AI-driven vishing and deepfake impersonation to be very sophisticated poses significant emergent challenges that strong organizational defenses must fulfil.
Here below, we have mentioned all the mitigations recommended by the researchers:-
Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP
.
SpyLoan apps, a type of PUP, are rapidly increasing, exploiting social engineering to deceive users…
CyberVolk, a politically motivated hacktivist group, has leveraged readily available ransomware builders like AzzaSec, Diamond,…
A ransomware attack on Blue Yonder, a leading supply chain management software provider, has created…
Dell Technologies has released a security update for its Wyse Management Suite (WMS) to address…
The Cybersecurity and Infrastructure Security Agency (CISA) recently detailed findings from a Red Team Assessment…
IBM has issued a security bulletin warning customers about a vulnerability in its Workload Scheduler…