Boston,
US. – April
18th, 2024 – Leading
cybersecurity company Egress has today launched its third Phishing
Threat Trends Report 2024 (April 2024), detailing key trends, new
data, and threat intelligence insights surrounding phishing
attacks. The report explores evolving payloads, AI’s rise in
cybercrime, the success of multi-channel attacks, and how secure
email gateways (SEGs) are trailing behind in an advancing threat
landscape.
Key stats from the
Phishing Threat Trends Report (April 2024):
- Quishing has risen from 0.8% in 2021 to 10.8% in 2024, whereas
attachment-based payloads halved from 72.7% to 35.7% in the same
timeframe.
- 77% of impersonation attacks imitated well-known brands.
DocuSign is the most impersonated brand, followed by
Microsoft.
- 16.8% of phishing attacks rely solely on social engineering
methods.
- Microsoft Teams was the most popular second step in
multi-channel attacks, accounting for 30.8%, followed by Slack
(19.2%), and SMS (18.6%).
- AI is being used for nearly every aspect of
cyberattacks.
- From Jan-Mar 2024, 52.2% more attacks got through SEG
detection.
- Millennials are the key target for cybercriminals.
Key
themes:
Quishing on
the rise as payloads
evolve
Egress’ Threat Intelligence team has
closely followed the popularity of QR code phishing (or “quishing”)
in 2023, with attacks being both prolific and highly successful. In
2021 and 2022, QR code payloads in phishing emails were relatively
rare – accounting for 0.8% and 1.4% of attacks, respectively. In
2023, this jumped to 12.4% and has continued at 10.8% for 2024 so
far.
Social engineering has also increased,
now representing 19% of phishing attacks and phishing emails are
over three times longer than they were in 2021, likely due to the
increase in use of generative AI. On the other hand, the use of
attachment-based payloads has decreased since 2021; three years
ago, these accounted for 72.7% of attacks detected by Egress
Defend, and by the first quarter of 2024, this had fallen to 35.7%
as threat actors evolve their payloads to evade cybersecurity
efforts.
Multi-channel attacks
capitalize on work messaging apps’
popularity
Following initial phishing email
attacks, Microsoft Teams, and Slack account for 50% of second steps
in multi-channel attacks, and the Egress Threat Intelligence team
only expects this to rise in popularity amongst cybercriminals.
Microsoft Teams was the most popular second step in multi-channel
attacks, accounting for 30.8%, followed by Slack (19.2%), and SMS
(18.6%).
With security awareness training
(SAT)generally focusing heavily on educating employees about
email-based attacks, and a perceived legitimacy with these
messaging channels, it’s no surprise that Microsoft Teams
experienced a 104.4% increase in 2024 compared to the last three
months of 2023.
AI sends cyberattacks
into hyperdrive
Deepfakes continue to hit the
headlines, and the use of Zoom and mobile phone calls as the second
step in multi-channel attacks has increased in the first quarter of
2024 compared with the last quarter of 2023; Zoom by 33.3% and
mobile phone calls by 31.3%. The Egress Threat Intelligence team
predicts the use of video and audio deepfakes in cyberattacks will
increase over the next 12 months and beyond.
Generative AI is also expected to
increase attack success rate, including creating payloads such as
malware, phishing websites, and invoices for wire fraud attacks as
cybercriminals look to streamline their processes and deliver more
efficient campaigns at even swifter pace.
SEGs are
static in an evolving landscape
The new report reveals that in the
first three months of 2024, there was a 52.2% increase in the
number of attacks that got through SEG detection. 68.4% of these
attacks passed authentication checks, including DMARC, which is a
primary detection capability used by SEGs. Unlike integrated cloud
email security (ICES) solutions, SEGs are less effective against
legitimate but compromised third-party accounts, which is where
most of these attacks have been sent from. Sitting at the network’s
edge, SEGs utilize definitions libraries and scan for known threats
using signature-based and reputational-based detection, with this
detection mechanism remaining relatively static despite the rapid
evolution of phishing threats.
Obfuscation techniques frequently
bypass SEGs such as hijacking legitimate hyperlinks and masking
hyperlinks to phishing websites within image-based attachments like
JPEGs. These two techniques make up 45.5% of obfuscation methods
that bypass SEGs, and layering multiple techniques is increasingly
popular for avoiding detection.
Threat actors are
targeting a dream
profile and personalizing at
pace
The Phishing Threat Trends Report
reveals that Millennials are the top targets for phishing attacks,
receiving 37.5% of phishing emails. The most targeted industries
are finance, legal and healthcare, with people working in
Accounting and Finance teams receiving the most phishing emails,
followed by Marketing and HR. Unsurprisingly, the most targeted job
role is the CEO and 13.4% of phishing attacks impersonated someone
the victim knew such as CEOs and senior leadership.
Social engineering is evident in the
most phished day of the year so far, as February 9th came out on
top in the lead up to Valentine’s Day. Utilizing a widely
celebrated holiday to personalize phishing attacks has always been
popular, but the rise of AI will lead to these being increasingly
convincing as seen in a recent Egress investigation.
Jack Chapman, SVP of Threat
Intelligence at Egress, comments:
“The third edition of the Egress
Phishing Threat Trends Report is jam packed with crucial themes and
predictions for the threat landscape for 2024. Utilizing data from
Egress Defend and exclusive intel from the Egress team, we look at
hot topics that have dominated headlines, including the rise of QR
phishing and AI-powered attacks, plus we analyze the ways
cybercriminals are engineering attacks to get through detection by
secure email gateways.
“The one thing that won’t change in
2024 is cybercriminals investing heavily in attacks that give them
the highest rewards. Some tactics will stay the same, but where
returns diminish or disappear entirely, new tactics will emerge.
Looking at the trends explored in the latest report, we can say
with certainty that AI-powered attacks are here to stay, and our
Threat Intelligence team predicts AI will be used in some way in
every phishing attack in the next 12 months, leading to lucrative
paydays for cybercriminals.
“The Phishing Threat Trends report is
an essential read for all cybersecurity teams and leaders and
offers advice as well as key themes detected by Egress
Defend.”
To read Egress’ Phishing Threat Trends
Report, including all its analysis and findings please visit our
website.
– ENDS –
About
Egress
As advanced persistent
threats continue to evolve, we recognise that people are the
biggest risk to organization's security and are most vulnerable
when using email.
Egress is the only
cloud email security platform to continuously assess human risk and
dynamically adapt policy controls, preparing customers to defend
against advanced phishing attacks and outbound data breaches before
they happen. Leveraging contextual machine learning and neural
networks, with seamless integration using cloud-native API
architecture, Egress provides enhanced email protection, deep
visibility into human risk, and instant time to value.
Trusted by the world’s
biggest brands, Egress is private equity backed with offices in
London, Sheffield, Cheltenham, New York, Boston, and
Toronto.
Press
Contact
Destiny
Gillbee PR Director egress@c8consulting.co.uk