New report reveals how phishing campaigns have become increasingly commercialised

Cybersecurity, News
Share


Presented to Tech Digest at a roundtable event in central London, cybersecurity company Egress launched its latest Phishing Threat Trends Report (October 2024), revealing a rise in phishing attacks as well as commoditised phishing-as-a-service campaigns. 

The report shows a 28% increase in phishing emails were sent between April 1st – June 30th vs January 1st – March 31st, 2024, with June seeing the highest volume of phishing emails.

44% of attacks were sent from compromised accounts to help them bypass authentication protocols, with 8% originating from an account within an organisation’s supply chain. The most prevalent payloads in these emails were hyperlinks, found in 45% of cases, followed by attachments, which appeared in 23% of the phishing emails.

The report also explores how cybercriminals are commercialising their activities through phishing toolkits on the dark web with 74.8% of these referencing the use of AI, 82% deepfakes and 46% even offering a money-back guarantee for cyber criminals if their campaigns aren’t successful! 

Key stats from the Phishing Threat Trends Report (October 2024)

  • 28% increase in phishing emails sent between April 1st – June 30th vs January 1st – March 31st, 2024.
  • 82% of phishing toolkits mentioned deepfakes and 74.8% referenced AI.
  • During a commodity attack, on average organisations experience a 2,700% increase in phishing attacks compared to the normal baseline.
  • 72.3% of commodity attacks used a hyperlink as its payload, followed by QR codes at 14.0%.
  • 89% of phishing emails involve impersonation; Adobe was the most impersonated brand, followed by Microsoft.
  • 14.9% of impersonation emails were classed as ‘payloadless’, relying solely on social engineering tactics.
  • 44% of phishing emails were sent from compromised accounts, helping them bypass authentication protocols.

Commodity attacks, mass-produced, malicious campaigns that typically mimic spam by impersonating brands on a large scale, are rising in popularity, peaking at 13.6% of all phishing emails detected by Egress Defend in December 2023.

During a commodity campaign, organisations experience a staggering 2,700% increase in phishing attacks compared to their normal baseline. These attacks are primarily image-based, with 51.1% featuring a single graphic; often include hyperlinks (72.3%); and are highly polymorphic, randomising elements like links and display names.

This flood of unsophisticated threats creates white noise, often masking more sophisticated and targeted phishing attempts, making detection even harder for cybersecurity admins.

The Phishing Threat Trends Report reveals that 89% of phishing emails involve impersonation, with Adobe ranking as the most impersonated brand and DHL as the most impersonated mail carrier.

Between January 1st and August 31st, 2024, 26% of phishing emails impersonated brands unconnected to the recipient. Among these, 9.7% impersonated phone or video conferencing providers (such as Zoom) and 5.3% impersonated mail carriers (such as UPS or DPD), frequently using ‘missed voicemail’ or ‘missed delivery’ campaigns.

The next most common impersonation attacks involved posing as the recipient’s company, accounting for 16.0% of incidents, with HR being the most frequently impersonated department.

New employees with two to seven weeks tenure were the most targeted individuals for phishing emails impersonating VIPs, typically as part of CEO fraud attacks. Outside of employer-related attacks, Jeff Bezos and Elon Musk were among the most impersonated celebrities.

Says Jack Chapman, SVP of Threat Intelligence at Egress comments:

The fourth edition of the Egress Phishing Threat Trends report offers eye-opening insights into the shifting landscape of phishing threats in 2024. One of the most troubling findings is the rapid commoditisation of AI in phishing toolkits, which is putting advanced threats into the hands of less sophisticated cybercriminals. Organisations must respond by adopting advanced AI defenses that effectively counter these evolving threats; while ensuring they aren’t introducing new vulnerabilities by using AI for AI’s sake.”

“As the old saying goes, ‘the only constant is change,’ and this is especially true in cybersecurity. As cybercriminals pivot away from one tactic that is no longer reaping the same rewards, a new one pops up to take its place. However, the report highlights one enduring reality: modern phishing threats are increasingly driven by impersonation tactics, which have become the backbone of many advanced and targeted attacks against organisations.”

To read Egress’ Phishing Threat Trends Report, including all its analysis and findings go to the Egress website

Chris Price
For latest tech stories go to TechDigest.tv