The fight against cyber threats remains a top priority for all organizations, including phishing attacks. SlashNext just released its much-anticipated annual "State of Phishing Report for 2023." This report sheds light on the alarming surge in phishing threats across email, web, and mobile channels. We will delve into the key findings and insights from the report, highlighting the growing influence of generative AI tools in cybercriminal activities.
The Phishing Landscape: A Disturbing Uptick
The report paints a grim picture of the current phishing landscape. The study analyzed billions of threats, including link-based threats, malicious attachments, and natural language messages in email, mobile, and browser channels during a 12-month period from Q4 2022 to Q3 2023. The most alarming findings include:
- A 1,265% Increase in Malicious Phishing Messages - Since Q4 2022, there has been an astonishing 1,265% increase in malicious phishing messages, signaling a significant escalation in cyber threats. On average, a staggering 31,000 phishing attacks were sent on a daily basis, demonstrating the relentless efforts of threat actors.
- 967% Increase in Credential Phishing - Credential phishing, a method employed to steal login information and sensitive data, has surged by a worrying 967%. This steep increase highlights the success and persistence of cybercriminals in exploiting user vulnerabilities.
- Business Email Compromise (BEC) Increases by 68% - A notable 68% of all phishing emails are text-based Business Email Compromise (BEC) attacks. BEC attacks often lead to substantial financial losses for organizations, making them a prime concern for cybersecurity professionals.
- Cybersecurity Professionals are 77% of Threat Actors Targets - 77% of cybersecurity professionals polled reported being targets of phishing attacks, and 28% reported receiving those messages via text messages. This underscores the indiscriminate nature of phishing attacks and the need for enhanced cybersecurity measures.
- The 39% Rise of Smishing - Mobile-based attacks, particularly SMS phishing (Smishing), have increased by 39%. Threat actors recognize the reduced protection on mobile devices compared to email, making it a prime target for attacks.
The Impact of Generative AI on Phishing
The report does not shy away from addressing the role of generative AI tools in cybercriminal activities. The report's findings suggest a significant correlation between the rise in generative AI tools like ChatGPT and the surge in phishing attacks. Patrick Harr, CEO of SlashNext, commented on the findings, saying, "We know from our research that threat actors are leveraging tools like ChatGPT to help write sophisticated, targeted business email compromises and other phishing messages, and an increase in the volume of these threats of over 1,000% corresponding with the time frame in which ChatGPT was launched is not a coincidence."
Harr's statement emphasizes that the dangers stemming from generative AI tools are not to be underestimated. Instead, it is essential for your organization to respond to these types of cyber threats accordingly.
A Shift Toward Mobile and Multi-Channel Attacks
The report also highlights a shift in attack strategies, with mobile-based and multi-stage attacks on the rise. Harr notes, "Mobile-based and multi-stage attacks are growing, primarily because threat actors know that users have fewer protections on mobile compared to email." This trend underscores the importance of implementing mobile and multi-channel protections, as cybercriminals are quick to exploit these vulnerabilities.
With phishing attacks increasing at an alarming rate and generative AI tools playing a pivotal role in their sophistication, cybersecurity measures must adapt and improve. It is important more than ever to implement continual security awareness training so your users will have the knowledge to spot, report, and protect your company from any future evolving phishing attacks.
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
SecurityToday has the full story.