Phishing

The cybersecurity landscape is a constantly changing one, with new threats emerging and old ones evolving. This makes it difficult for organizations to ensure their defenses are up to the task of properly protecting them.

We spoke to Balazs Greksza, threat response lead at Ontinue which recently published its first threat intelligence report, to find out about the latest threats and how organizations can address them.

Almost three times as many phishing, malicious, deny-listed, and offensive links have been delivered to mobile devices than a year ago, according to a new report from Lookout.

The Lookout Mobile Threat Landscape Report is based on data derived from the Lookout Security Cloud that analyzes data from more than 220 million devices, 325 million apps and billions of web items.

The last six months has seen a 341 percent increase in malicious emails, including an alarming spike in phishing, BEC, and other message-based attacks fueled by the continued growth of generative AI.

The latest State of Phishing Report from SlashNext finds that since the launch of ChatGPT in November 2022, there has been a 4,151 percent increase in malicious emails sent.

The latest Email Threat Trends report from VIPRE Security Group identifies the US as the top source of spam emails globally, followed by the UK, Ireland, and Japan. The US, UK, and Canada are the top three countries most subjected to email-based attacks.

Looking at targets, the manufacturing, government, and IT sectors are the most attacked by malicious actors. In Q1 2024, the manufacturing sector suffered 43 percent of email-based attacks, with government (15 percent) and IT (11 percent) trailing well behind. This is a change from Q1 2023, when attackers targeted the financial (25 percent), healthcare (22 percent), and education (15 percent) sectors most often.

Since the launch of ChatGPT there has been a surge in the number of phishing emails as AI makes it easier to create convincing lures.

Email security specialist SlashNext is fighting AI with AI thanks to the launch of a new generative AI large language model (LLM) to deliver accuracy and precision in spam detection, with claimed near-zero false positive rates.

As we observe Stress Awareness Month, it's important to recognize the toll that phishing attacks can take on individuals and organizations. These attacks have become increasingly sophisticated and widespread, with a staggering 94 percent of organizations falling victim to successful phishing attacks. As cybercriminals continue to exploit human vulnerabilities through social engineering, the impact on employee stress levels is a growing concern that cannot be ignored.

The constant vigilance required to identify and avoid these attacks, along with the potential consequences of falling victim, can contribute to increased anxiety and decreased productivity in the workplace. Addressing this issue is of paramount importance, to protect both the wellbeing of employees and the security of sensitive information.

A new report reveals a year-on-year increase of nearly 60 percent in global phishing attacks, fueled in part by the proliferation of generative AI-driven schemes such as voice phishing (vishing) and deepfake phishing.

The report from Zscaler ThreatLabz shows that in 2023 the US (55.9 percent), UK (5.6 percent) and India (3.9 percent) are the top countries targeted by phishing scams. The high level of phishing in the US is attributable to its advanced digital infrastructure, large population of internet-connected users and extensive use of online financial transactions.

Most incidents of phishing or spoofing on smartphones still happen via email, according to MEF's (Mobile Ecosystem Forum) 9th Annual Trust Study.

The report shows 52 percent of users reporting personal experience of data harm via this channel. Surprisingly, 39 percent of those users still took no preventative measures to protect their online data.

A new report reveals that millennials are the top targets for phishing attacks, receiving 37.5 percent of phishing emails.

The latest phishing trends report from Egress also highlights the widespread adoption of AI and QR code phishing (quishing). Quishing has risen from 0.8 percent in 2021 to 10.8 percent in 2024, whereas attachment-based payloads halved from 72.7 percent to 35.7 percent in the same period.

New research from BlueVoyant shows the use of malicious search engine ads is on the rise and poses a significant threat to internet users and companies.

These ads can lead to phishing websites or malware downloads, putting personal, financial and corporate information at risk. For companies, a compromise via phishing can lead to brand reputation damage, financial loss, and loss of customer trust.

A new report shows that 95 percent of IT leaders say that cyberattacks are more sophisticated than ever and they are unprepared for this new wave of threat vectors.

The survey, of more than 800 IT and security leaders around the world, from Keeper Security reveals that firms are witnessing AI-powered attacks (51 percent), deepfake technology and supply chain attacks (both 36 percent), cloud jacking (35 percent), Internet of Things (IoT) attacks and 5G network exploits (both 34 percent), and fileless attacks (24 percent).

Kaspersky's annual spam and phishing report, released today, shows its anti-phishing system thwarted over 709 million attempts to access phishing and scam websites in 2023 -- a 40 percent increase over 2022.

There's also been a surge in attacks spread via messaging platforms, including 62,127 phishing attempts on Telegram -- a 22 percent increase from the year before. AI platforms, social media services, and cryptocurrency exchanges are the other most-exploited channels.

A new report shows that 66 percent of organizations in the UK experienced at least one successful phishing attack in 2023 compared to 91 percent the previous year.

However, the study from Proofpoint shows the negative consequences of attacks have soared, with a 30 percent increase in reports of financial penalties, such as regulatory fines, and a 78 percent increase in reports of reputational damage.

A new report from Cofense based on data from its Phishing Detection Center identifies over 1.5 million malicious emails bypassing customers' secure email gateways (SEGs), a 37 percent increase in threats compared to 2022.

The report shows that SEGs struggle to keep pace with sophisticated phishing campaigns and that relying on 'good enough' email security is no longer an option for most enterprises.

Phishing is the most common form of cyberattack as criminals seek to obtain credentials to access bank accounts or corporate networks.

Abnormal Security has analyzed which phishing attacks generate the highest click rate and categorized them based on the words included in the subject line.