New report reveals how phishing campaigns have become increasingly commercialised

Presented to Tech Digest at a roundtable event in central London, cybersecurity company Egress launched its latest Phishing Threat Trends Report (October 2024), revealing a rise in phishing attacks as well as commoditised phishing-as-a-service campaigns.

The report shows a 28% increase in phishing emails were sent between April 1st – June 30th vs January 1st – March 31^st, 2024, with June seeing the highest volume of phishing emails.

44% of attacks were sent from compromised accounts to help them bypass authentication protocols, with 8% originating from an account within an organisation’s supply chain. The most prevalent payloads in these emails were hyperlinks, found in 45% of cases, followed by attachments, which appeared in 23% of the phishing emails.

The report also explores how cybercriminals are commercialising their activities through phishing toolkits on the dark web with 74.8% of these referencing the use of AI, 82% deepfakes and 46% even offering a money-back guarantee for cyber criminals if their campaigns aren’t successful!

Key stats from the Phishing Threat Trends Report (October 2024)

28% increase in phishing emails sent between April 1st – June 30th vs January 1st – March 31^st, 2024.
82% of phishing toolkits mentioned deepfakes and 74.8% referenced AI.
During a commodity attack, on average organisations experience a 2,700% increase in phishing attacks compared to the normal baseline.
72.3% of commodity attacks used a hyperlink as its payload, followed by QR codes at 14.0%.
89% of phishing emails involve impersonation; Adobe was the most impersonated brand, followed by Microsoft.
14.9% of impersonation emails were classed as ‘payloadless’, relying solely on social engineering tactics.
44% of phishing emails were sent from compromised accounts, helping them bypass authentication protocols.

Commodity attacks, mass-produced, malicious campaigns that typically mimic spam by impersonating brands on a large scale, are rising in popularity, peaking at 13.6% of all phishing emails detected by Egress Defend in December 2023.

During a commodity campaign, organisations experience a staggering 2,700% increase in phishing attacks compared to their normal baseline. These attacks are primarily image-based, with 51.1% featuring a single graphic; often include hyperlinks (72.3%); and are highly polymorphic, randomising elements like links and display names.

This flood of unsophisticated threats creates white noise, often masking more sophisticated and targeted phishing attempts, making detection even harder for cybersecurity admins.

The Phishing Threat Trends Report reveals that 89% of phishing emails involve impersonation, with Adobe ranking as the most impersonated brand and DHL as the most impersonated mail carrier.

Between January 1st and August 31st, 2024, 26% of phishing emails impersonated brands unconnected to the recipient. Among these, 9.7% impersonated phone or video conferencing providers (such as Zoom) and 5.3% impersonated mail carriers (such as UPS or DPD), frequently using ‘missed voicemail’ or ‘missed delivery’ campaigns.

The next most common impersonation attacks involved posing as the recipient’s company, accounting for 16.0% of incidents, with HR being the most frequently impersonated department.

New employees with two to seven weeks tenure were the most targeted individuals for phishing emails impersonating VIPs, typically as part of CEO fraud attacks. Outside of employer-related attacks, Jeff Bezos and Elon Musk were among the most impersonated celebrities.

Says Jack Chapman, SVP of Threat Intelligence at Egress comments:

“The fourth edition of the Egress Phishing Threat Trends report offers eye-opening insights into the shifting landscape of phishing threats in 2024. One of the most troubling findings is the rapid commoditisation of AI in phishing toolkits, which is putting advanced threats into the hands of less sophisticated cybercriminals. Organisations must respond by adopting advanced AI defenses that effectively counter these evolving threats; while ensuring they aren’t introducing new vulnerabilities by using AI for AI’s sake.”

“As the old saying goes, ‘the only constant is change,’ and this is especially true in cybersecurity. As cybercriminals pivot away from one tactic that is no longer reaping the same rewards, a new one pops up to take its place. However, the report highlights one enduring reality: modern phishing threats are increasingly driven by impersonation tactics, which have become the backbone of many advanced and targeted attacks against organisations.”

To read Egress’ Phishing Threat Trends Report, including all its analysis and findings go to the Egress website.

Oct 3, 2024Chris Price

For latest tech stories go to TechDigest.tv

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__atuvc	1 year 1 month	AddThis sets this cookie to ensure that the updated count is seen when one shares a page and returns to it before the share count cache is updated.
__atuvs	30 minutes	AddThis sets this cookie to ensure that the updated count is seen when one shares a page and returns to it before the share count cache is updated.

Cookie	Duration	Description
at-rand	never	AddThis sets this cookie to track page visits, sources of traffic and share counts.
disqus_unique	1 year	Set to record internal statistics for anonymous visitors.
uvc	1 year 1 month	addthis.com sets this cookie to determine the usage of addthis.com service.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
__gads	1 year 24 days	Google sets this cookie under the DoubleClick domain, tracks the number of times users see an advert, measures the campaign's success, and calculates its revenue. This cookie can only be read from the domain they are currently on and will not track any data while they are browsing other sites.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies store information about how the user uses the website to present them with relevant ads according to the user profile.
loc	1 year 1 month	AddThis sets this geolocation cookie to help understand the location of users who share the information.
skimGUID	10 years	Set by Slimlinks, this cookie is a unique identifier provided to each device for log analysis to determine the number of unique users for various parts of skimresources.com.
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
_ir	session	This is a Pinterest cookie that collects information on visitor behaviour on multiple websites. This information is used on the website, in order to optimize the relevance of advertisement.
__gpi	1 year 24 days	Google Ads Service uses this cookie to collect information about from multiple websites for retargeting ads.

Cookie	Duration	Description
wp_api	past	Description is currently not available.
wp_api_sec	past	Description is currently not available.
xtc	1 year 1 month	Description is currently not available.

Presented to Tech Digest at a roundtable event in central London, cybersecurity company Egress launched its latest Phishing Threat Trends Report (October 2024), revealing a rise in phishing attacks as well as commoditised phishing-as-a-service campaigns.

Key stats from the Phishing Threat Trends Report (October 2024)

Share this:

Like this: