Phishing

Phishing Attacks Rise By 58% As The Attackers Leverage AI Tools

AI-powered generative tools have supercharged phishing threats, so even newbie attackers can effortlessly create refined, individualized campaigns.

Protecting data and systems from this democratization of phishing abilities gives a new challenge for the defenders.

Zscaler’s Phishing Report 2024 is based on an analysis of more than 2 billion phishing reports that occurred in 2023 and provides insights into future trends, current campaigns, prime targets within various regions/industries/brands as well as threat actors using AI.

This report demonstrates the need for constant alertness and zero trust security against an evolving phishing landscape, with examples reflecting how AI is now being used to enhance such activities.

Free Webinar | Mastering WAAP/WAF ROI Analysis | Book Your Spot

Phishing surged 58.2% in 2023 as threat actors leveraged AI for sophisticated social engineering like voice/deepfake phishing.

Adversary-in-the-middle and emerging browser-in-the-browser attacks persisted. 

The top targeted countries were:-

  • US
  • UK
  • India
  • Canada
  • Germany
Top targeted countries (Source – Zscaler)

Besides this, Finance and insurance faced 27.8% of attacks (a 393% year-over-year increase), the highest percentage across industries.

Industries targeted most (Source – Zscaler)

While Microsoft remained the most impersonated brand at 43.1% of phishing attempts. AI amplified reach and deception of phishing campaigns across multiple vectors.

However, there is a swap since, as it increases productivity, generative AI also serves as a two-edged sword by enabling even inexperienced threat actors to become the skilled social engineers that they are.

AI performs reconnaissance tasks automatically, personalizes email and communications to eliminate mistakes, and creates attractive phishing pages that are indistinguishable from genuine ones.

The report presented ChatGPT generating a login page for phishing within 10 prompts and includes warning signs to look out for.

Emerging sophisticated approaches include voice phishing (vishing) supported by AI and deepfake impersonation in the name of social engineering.

Phishing has grown worse due to generative AI because it allows quicker and more accurate attacks at multiple phases.

There is a global increase in the adoption of advanced AI-driven voice impersonation for vishing campaigns, which has caused great financial damage in some instances. 

One of the biggest challenges related to AI cyber threats is deep fake phishing that perfectly copies facial appearances, voice,s and gestures. 

The capability of AI-driven vishing and deepfake impersonation to be very sophisticated poses significant emergent challenges that strong organizational defenses must fulfil.

Mitigations

Here below, we have mentioned all the mitigations recommended by the researchers:-

  • Use AI-powered phishing prevention solutions that offer several capabilities, such as Browser Isolation, to combat AI-driven threats effectively.
  • Implement a Zero Trust architecture to prevent traditional and AI-driven phishing attacks at multiple stages.
  • Prevent compromise by inspecting TLS/SSL at scale.
  • Eliminate lateral movement by enabling direct user-to-application connections and implementing AI-powered app segmentation.
  • Detect and shut down compromised users and insider threats using inline inspection.
  • Prevent data loss by inspecting data in-motion and at-rest.
  • Adopt foundational security best practices to enhance overall resilience to phishing attacks.

Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP.

Tushar Subhra Dutta

Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

Hackers Exploiting Docusign With Phishing Attack To Steal Credentials

Hackers prefer phishing as it exploits human vulnerabilities rather than technical flaws which make it a highly effective and low-cost…

24 hours ago

Norway Recommends Replacing SSLVPN/WebVPN to Stop Cyber Attacks

A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS)…

3 days ago

New Linux Backdoor Attacking Linux Users Via Installation Packages

Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target…

3 days ago

ViperSoftX Malware Uses Deep Learning Model To Execute Commands

ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, to target infected systems, which extracts…

3 days ago

Santander Data Breach: Hackers Accessed Company Database

Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and…

3 days ago

U.S. Govt Announces Rewards up to $5 Million for North Korean IT Workers

The U.S. government has offered a prize of up to $5 million for information that leads to the arrest and…

3 days ago