August 12, 2024 at 08:36AM
In 2023, phishing attacks impacted 94% of businesses, a 40% increase from the previous year. The surge is attributed to AI, particularly generative AI, facilitating the creation of malicious content, and PhaaS enabling easy access to skilled attackers. Threat actors now respond more quickly to evolving and planned events, capitalizing on current affairs, holidays, and major sporting events.
From the meeting notes, the key takeaways on the surge in phishing attacks are:
1. Generative AI has made it easier for threat actors to craft content for phishing campaigns, including malicious emails and deepfake videos. It has also facilitated the writing of malware for phishing attacks.
2. Phishing as a Service (PhaaS) allows malicious parties to hire skilled attackers to carry out phishing campaigns, increasing the ease of launching such attacks.
3. The use of AI and PhaaS has made phishing more agile, allowing threat actors to respond quickly to evolving events, such as cybersecurity incidents or major sports events.
4. Phishing targets current and planned events, taking advantage of the excitement or fear surrounding these events. This includes exploiting incidents like the CrowdStrike “Blue Screen of Death,” and events like the 2024 Olympics and UEFA Euro 2024 football championship.
5. Recurring events, such as the holiday season, are also exploited for phishing attacks, such as gift card fraud, non-payment scams, and fake job offers.
6. Businesses can mitigate the risk of phishing attacks by educating employees and consumers to be cautious when responding to content associated with current events, as well as implementing effective security measures.
These takeaways reflect the evolving tactics and strategies used by threat actors in launching phishing attacks and highlight the importance of proactive measures in mitigating the risks associated with such attacks.