AI, quishing, and multi-channel attacks top phishing trends

Egress has launched its third Phishing Threat Trends Report 2024, detailing key trends, new data, and threat intelligence insights surrounding phishing attacks. The report explores evolving payloads, AI’s rise in cybercrime, the success of multi-channel attacks, and how secure email gateways (SEGs) are trailing behind in an advancing threat landscape.

  • 6 months ago Posted in

Key stats from the Phishing Threat Trends Report (April 2024):

- Quishing has risen from 0.8% in 2021 to 10.8% in 2024, whereas attachment-based payloads halved from 72.7% to 35.7% in the same timeframe.

- 77% of impersonation attacks imitated well-known brands. DocuSign is the most impersonated brand, followed by Microsoft.

- 16.8% of phishing attacks rely solely on social engineering methods.

- Microsoft Teams was the most popular second step in multi-channel attacks, accounting for 30.8%, followed by Slack (19.2%), and SMS (18.6%).

- AI is being used for nearly every aspect of cyberattacks.

- From Jan-Mar 2024, 52.2% more attacks got through SEG detection.

- Millennials are the key target for cybercriminals.

Key themes:

Quishing on the rise as payloads evolve

Egress’ Threat Intelligence team has closely followed the popularity of QR code phishing (or “quishing”) in 2023, with attacks being both prolific and highly successful. In 2021 and 2022, QR code payloads in phishing emails were relatively rare – accounting for 0.8% and 1.4% of attacks, respectively. In 2023, this jumped to 12.4% and has continued at 10.8% for 2024 so far.

Social engineering has also increased, now representing 19% of phishing attacks and phishing emails are over three times longer than they were in 2021, likely due to the increase in use of generative AI. On the other hand, the use of attachment-based payloads has decreased since 2021; three years ago, these accounted for 72.7% of attacks detected by Egress Defend, and by the first quarter of 2024, this had fallen to 35.7% as threat actors evolve their payloads to evade cybersecurity efforts.

Multi-channel attacks capitalise on work messaging apps’ popularity

Following initial phishing email attacks, Microsoft Teams, and Slack account for 50% of second steps in multi-channel attacks, and the Egress Threat Intelligence team only expects this to rise in popularity amongst cybercriminals. Microsoft Teams was the most popular second step in multi-channel attacks, accounting for 30.8%, followed by Slack (19.2%), and SMS (18.6%).

With security awareness training (SAT) generally focusing heavily on educating employees about email-based attacks, and a perceived legitimacy with these messaging channels, it’s no surprise that Microsoft Teams experienced a 104.4% increase in 2024 compared to the last three months of 2023.

AI sends cyberattacks into hyperdrive

Deepfakes continue to hit the headlines, and the use of Zoom and mobile phone calls as the second step in multi-channel attacks has increased in the first quarter of 2024 compared with the last quarter of 2023; Zoom by 33.3% and mobile phone calls by 31.3%. The Egress Threat Intelligence team predicts the use of video and audio deepfakes in cyberattacks will increase over the next 12 months and beyond.

Generative AI is also expected to increase attack success rate, including creating payloads such as malware, phishing websites, and invoices for wire fraud attacks as cybercriminals look to streamline their processes and deliver more efficient campaigns at even swifter pace.

SEGs are static in an evolving landscape

The new report reveals that in the first three months of 2024, there was a 52.2% increase in the number of attacks that got through SEG detection. 68.4% of these attacks passed authentication checks, including DMARC, which is a primary detection capability used by SEGs. Unlike integrated cloud email security (ICES) solutions, SEGs are less effective against legitimate but compromised third-party accounts, which is where most of these attacks have been sent from. Sitting at the network’s edge, SEGs utilise definitions libraries and scan for known threats using signature-based and reputational-based detection, with this detection mechanism remaining relatively static despite the rapid evolution of phishing threats.

Obfuscation techniques frequently bypass SEGs such as hijacking legitimate hyperlinks and masking hyperlinks to phishing websites within image-based attachments like JPEGs. These two techniques make up 45.5% of obfuscation methods that bypass SEGs, and layering multiple techniques is increasingly popular for avoiding detection.

Threat actors are targeting a dream profile and personalising at pace

The Phishing Threat Trends Report reveals that Millennials are the top targets for phishing attacks, receiving 37.5% of phishing emails. The most targeted industries are finance, legal and healthcare, with people working in Accounting and Finance teams receiving the most phishing emails, followed by Marketing and HR. Unsurprisingly, the most targeted job role is the CEO and 13.4% of phishing attacks impersonated someone the victim knew such as CEOs and senior leadership.

Social engineering is evident in the most phished day of the year so far, as February 9th came out on top in the lead up to Valentine’s Day. Utilising a widely celebrated holiday to personalise phishing attacks has always been popular, but the rise of AI will lead to these being increasingly convincing as seen in a recent Egress investigation.

Jack Chapman, SVP of Threat Intelligence at Egress, comments:

“The third edition of the Egress Phishing Threat Trends Report is jam packed with crucial themes and predictions for the threat landscape for 2024. Utilising data from Egress Defend and exclusive intel from the Egress team, we look at hot topics that have dominated headlines, including the rise of QR phishing and AI-powered attacks, plus we analyse the ways cybercriminals are engineering attacks to get through detection by secure email gateways.

“The one thing that won’t change in 2024 is cybercriminals investing heavily in attacks that give them the highest rewards. Some tactics will stay the same, but where returns diminish or disappear entirely, new tactics will emerge. Looking at the trends explored in the latest report, we can say with certainty that AI-powered attacks are here to stay, and our Threat Intelligence team predicts AI will be used in some way in every phishing attack in the next 12 months, leading to lucrative paydays for cybercriminals.

“The Phishing Threat Trends report is an essential read for all cybersecurity teams and leaders and offers advice as well as key themes detected by Egress Defend.”

Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security...
Talent and training partner, mthree, which supports major global tech, banking, and business...
Cloud-native organisations to gain full understanding over every identity in the cloud, secured...
MSSPs identify regulatory compliance as additional factor as organisations seek to shift...
Orange Business (Norway), a global leader in digital services, has selected ARMO’s advanced...
Gigamon and Exclusive Networks have expanded their existing distribution partnership, broadening...
Trustwave and Cybereason have announced a definitive merger agreement offering a comprehensive and...
FortiDLP’s unified approach to data protection enables enterprise organizations to anticipate and...