AI leads to a new phishing threat every 42 seconds
AI-powered phishing campaigns are bypassing traditional defenses as threat actors flood inboxes with polymorphic phishing, spoofed brands, and new malware families.
New research from the Cofense Phishing Defense Center (PDC) has tracked one malicious email every 42 seconds. Many of these were part of polymorphic phishing attacks that mutate in real-time in order to bypass traditional filters.
AI has given threat actors the power to automate malware development, scale attacks across industries, and personalize phishing messages with surgical precision. These evolving threats are increasingly able to bypass traditional email filters, highlighting the failure of perimeter-only defenses and the need for post-delivery detection. It also enabled them to outmaneuver traditional defenses through polymorphic campaigns that shift content on the fly. The result is that deceptive messages are increasingly difficult to detect and even harder to stop.
The report finds over 40 percent of malware detected in 2024 to be newly observed, with nearly half classified as Remote Access Trojans (RATs).
Threat actors have broadened their tactics with tax scams up 340 percent, legitimate file abuse up 575 percent, and Microsoft spoofing spiking 156 percent, making campaigns harder to anticipate and block.
There's also been a surge in business email compromise (BEC) attacks, up 70 percent year-on-year, driven by AI's ability to automate lures, spoof internal conversations, and bypass spam filters with subtle text variations.
The report's authors conclude, "The increasing use of AI by threat actors has ushered in a new era of phishing attacks. AI is enabling threat actors to craft emails, SMS texts, deepfake videos, and audio content that are nearly indistinguishable from legitimate communications. This technology drastically reduces the time and cost of creating email-based attacks while increasing their effectiveness, leaving employees and organizations more vulnerable to data theft, financial loss, and reputational damage. And it's just the beginning -- with time, AI-based attacks will only become more personalized and deceptive, leaving organizations at an increased risk of falling victim to threats that exploit both technological vulnerabilities and human error."
The full report is available from the Cofense site.
Image credit: thodonal/depositphotos.com