AI-powered generative tools have supercharged phishing threats, so even newbie attackers can effortlessly create refined, individualized campaigns.
Protecting data and systems from this democratization of phishing abilities gives a new challenge for the defenders.
Zscaler’s Phishing Report 2024 is based on an analysis of more than 2 billion phishing reports that occurred in 2023 and provides insights into future trends, current campaigns, prime targets within various regions/industries/brands as well as threat actors using AI.
This report demonstrates the need for constant alertness and zero trust security against an evolving phishing landscape, with examples reflecting how AI is now being used to enhance such activities.
Free Webinar | Mastering WAAP/WAF ROI Analysis | Book Your Spot
Phishing surged 58.2% in 2023 as threat actors leveraged AI for sophisticated social engineering like voice/deepfake phishing.
Adversary-in-the-middle and emerging browser-in-the-browser attacks persisted.
The top targeted countries were:-
Besides this, Finance and insurance faced 27.8% of attacks (a 393% year-over-year increase), the highest percentage across industries.
While Microsoft remained the most impersonated brand at 43.1% of phishing attempts. AI amplified reach and deception of phishing campaigns across multiple vectors.
However, there is a swap since, as it increases productivity, generative AI also serves as a two-edged sword by enabling even inexperienced threat actors to become the skilled social engineers that they are.
AI performs reconnaissance tasks automatically, personalizes email and communications to eliminate mistakes, and creates attractive phishing pages that are indistinguishable from genuine ones.
The report presented ChatGPT generating a login page for phishing within 10 prompts and includes warning signs to look out for.
Emerging sophisticated approaches include voice phishing (vishing) supported by AI and deepfake impersonation in the name of social engineering.
Phishing has grown worse due to generative AI because it allows quicker and more accurate attacks at multiple phases.
There is a global increase in the adoption of advanced AI-driven voice impersonation for vishing campaigns, which has caused great financial damage in some instances.
One of the biggest challenges related to AI cyber threats is deep fake phishing that perfectly copies facial appearances, voice,s and gestures.
The capability of AI-driven vishing and deepfake impersonation to be very sophisticated poses significant emergent challenges that strong organizational defenses must fulfil.
Here below, we have mentioned all the mitigations recommended by the researchers:-
Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP
.
A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a grave…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS) advisories…
A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with a…
In January, Netskope Threat Labs uncovered a sophisticated global malware campaign leveraging fake CAPTCHA pages…
In a recent technical investigation, researchers uncovered critical insights into the infrastructure linked to a…
The New York State Department of Financial Services (NYDFS) has imposed a $2 million penalty…