Credential phishing attacks up over 700 percent

Phishing remains one of the most significant cyber threats impacting organizations worldwide and a new report shows credential theft attacks surged dramatically in the second half of 2024, rising by 703 percent.

The report from SlashNext shows that overall, email-based threats rose by 202 percent over the same period, with individual users receiving at least one advanced phishing link per week capable of bypassing traditional network security controls.

SlashNext analyzed billions of threats across email and mobile channels -- including Business Email Compromise (BEC), malicious links, attachments, QR codes, and AI-driven natural language attacks -- the report offers a comprehensive look at the rapidly evolving phishing landscape and the vectors most exploited by cybercriminals in the past year.

"In early 2024, we witnessed a sharp spike in attacks as adversaries quickly learned to integrate AI into their phishing strategies, resulting in far higher volumes of advanced and effective threats," says Stephen Kowski, field CTO at SlashNext. "By the second half of the year, the growth in attack volume was more gradual but still persistent. We fully anticipate this upward trajectory will continue into 2025, especially as our threat research team uncovers new, advanced phishing kits freely available on the Dark Web."

Of all embedded malicious links observed, 80 percent were previously unknown zero-day threats -- underscoring the limitations of static threat intelligence and signature-based detection methods.

During peak periods, users faced an average of three to six threats per week, and annually, up to 600 mobile threats per user. Social engineering-based attacks rose by 141 percent in the last six months, reinforcing the need for real-time, adaptive security measures.

The volatile nature of threat categories, ranging from novel phishing links and cleverly disguised attachments to expertly engineered natural language scams, means that what's effective for attackers can change on a near-weekly basis.

"Traditional security measures are overwhelmed by the sheer volume and adaptability of these threats," adds Kowski. "Organizations need a comprehensive, proactive security strategy backed by real-time detection and mitigation technologies to stay ahead of increasingly agile attackers."

The full report is available from the SlashNext site.

Image credit: sadi.s.junior/depositphotos.com