A dizzying increase in QR code phishing (quishing) attacks in 2023 saw them skyrocket up the list of concerns for cyber teams globally, according to Egress.
The attacks have been both prolific and highly successful, demonstrating how cybercriminals effectively combine available technology with consumer familiarity (or complacency) at scale.
The Evolution of Phishing Attack Payloads
In 2021 and 2022, QR code payloads in phishing emails were relatively rare – accounting for 0.8% and 1.4% of attacks, respectively. In 2023, this figure increased to 12.4% and has remained at 10.8% so far in 2024.
Social engineering has also increased, now accounting for 19% of phishing attacks, and phishing emails are lasting more than three times longer than they were in 2021, likely due to the increased use of social engineering and generative AI. In contrast, the use of attachment-based payloads has declined since 2021: three years ago, these accounted for 72.7% of attacks detected by Egress, and by the first quarter of 2024 this figure had fallen to 35.7% as malicious actors evolve their payloads to evade cybersecurity efforts.
After an initial phishing email, Microsoft Teams and Slack account for 50% of the second stages of multi-channel attacks, and the Egress team expects this to gain popularity among cybercriminals. Microsoft Teams was the most popular second stage in multi-channel attacks, accounting for 30.8%, followed by Slack (19.2%) and SMS (18.6%).
With security awareness training (SAT) typically focusing heavily on employee awareness of email attacks, and given the perceived legitimacy of these email channels, it is no surprise that Microsoft Teams saw a 104.4% increase in 2024 compared to the last three months of 2023.
Cybercriminals use AI for deepfakes and automated phishing
Deepfakes continue to make headlines, and the use of Zoom and phone calls as the second stage of multi-channel attacks increased in the first quarter of 2024 compared to the last quarter of 2023; Zoom by 33.3% and mobile phone calls by 31.3%. Researchers predict that the use of video and audio deepfakes in cyberattacks will increase over the next 12 months and beyond.
Generative AI is also expected to increase the success rate of attacks, including creating payloads such as malware, phishing websites and invoices for e-fraud attacks, as cybercriminals seek to streamline their processes and conduct more effective campaigns at an even faster pace.
The report reveals that in the first three months of 2024, the number of attacks that passed secure email gateway (SEG) detection increased by 52.2%. Of these attacks, 68.4% passed authentication checks, including DMARC, which is a primary detection capability used by SEGs.
Unlike integrated cloud email security (ICES) solutions, SEGs are less effective against legitimate but compromised third-party accounts, where most of these attacks originate. Located at the edge of the network, SEGs use definition libraries and scan for known threats using signature- and reputation-based detection, with this detection mechanism remaining relatively static despite rapidly evolving phishing threats.
Obfuscation techniques that frequently bypass SEGs include hijacking legitimate hyperlinks and hiding hyperlinks to phishing websites in image-based attachments such as JPEG files. These two techniques account for 45.5% of obfuscation methods that circumvent SEGs, and layering multiple techniques is increasingly popular to avoid detection.
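The following triage sketch is an added example, not code from the report or from Egress. It shows why a DMARC pass cannot clear a message on its own: mail is routed to image inspection (QR or OCR decoding, not done here) when its only possible payload is an image attachment. The addresses, host names, file name and the 200-character threshold are constructed assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
DMARC_RE = re.compile(r"\bdmarc=(\w+)", re.I)

def dmarc_result(msg):
    """Return the dmarc= verdict from Authentication-Results, or 'none'."""
    for header in msg.get_all("Authentication-Results", []):
        m = DMARC_RE.search(str(header))
        if m:
            return m.group(1).lower()
    return "none"

def triage(msg, max_text_chars=200):
    """Flag mail whose link can only live in an image, whatever DMARC says."""
    images, text = [], ""
    for part in msg.walk():
        if part.get_content_maintype() == "image":
            images.append(part.get_filename() or part.get_content_type())
        elif part.get_content_type() in ("text/plain", "text/html"):
            text += part.get_content()
    urls = URL_RE.findall(text)
    visible = " ".join(re.sub(r"<[^>]+>", " ", text).split())
    image_only = bool(images) and not urls and len(visible) <= max_text_chars
    return {
        "dmarc": dmarc_result(msg),          # recorded, but never used to clear
        "images": images,
        "text_urls": len(urls),
        "needs_image_inspection": image_only,
    }

def build_sample(body, attach_image):
    """Constructed test message: authenticated sender, optional JPEG."""
    msg = EmailMessage()
    msg["From"] = "billing@partner.example"
    msg["To"] = "ap@corp.example"
    msg["Subject"] = "Invoice"
    msg["Authentication-Results"] = (
        "mx.corp.example; spf=pass; dkim=pass; dmarc=pass")
    msg.set_content(body)
    if attach_image:
        msg.add_attachment(b"\xff\xd8\xff\xe0constructed", maintype="image",
                           subtype="jpeg", filename="invoice.jpg")
    return message_from_bytes(msg.as_bytes(), policy=policy.default)

if __name__ == "__main__":
    print(triage(build_sample("Scan the attached code to pay.", True)))
```
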
Millennials are the main targets of phishing attacks
The report reveals that Millennials are the main targets of phishing attacks, receiving 37.5% of phishing emails. The most targeted industries are finance, legal and healthcare, with people working in accounting and finance teams receiving the most phishing emails, followed by marketing and HR. Unsurprisingly, the most targeted position is CEO, and 13.4% of phishing attacks impersonate someone the victim knows, such as CEOs and senior executives.
Social engineering is evident on the most phished day of the year so far, as February 9 topped the list in the run-up to Valentine’s Day. Using a widely celebrated holiday to personalize phishing attacks has always been popular, but the rise of AI will make these attacks increasingly convincing.
“The third edition of the Egress Phishing Threat Trends Report is packed with crucial themes and predictions for the 2024 threat landscape. We examine hot topics that have been making headlines, including the rise of QR phishing and attacks based on AI, and we analyze how cybercriminals design their attacks to slip through detection by secure email gateways,” said Jack Chapman, Senior Vice President of Threat Intelligence at Egress.
“The only thing that won’t change in 2024 is cybercriminals investing heavily in attacks that bring them the greatest rewards. Some tactics will remain the same, but when returns decrease or disappear completely, new tactics will emerge. Looking at the trends explored in the latest report, we can confidently say that AI-based attacks are here to stay, and our Threat Intelligence team predicts that AI will be used in one way or another in every phishing attack in the next 12 months, resulting in lucrative paydays for cybercriminals,” concluded Chapman.