Alarming spike in phishing, BEC and other
message-based attacks fueled by weaponization of Generative AI
tools
PLEASANTON, Calif., May 22, 2024
/PRNewswire/ -- SlashNext, the leader in next gen AI
cloud email, mobile, and web messaging security,
today released its 2024 Mid-Year Assessment on The
State of Phishing. This report is an update
to SlashNext's annual State of Phishing report, which
the SlashNext Threat Labs team last issued
in October 2023. The surge in phishing attacks reported at
that time prompted the team to conduct another comprehensive
analysis at the six-month mark to determine if the upward trend was
persisting, especially as threat actors continue to leverage
generative AI tools to aid their phishing, business email
compromise (BEC) and other social engineering attacks.
Fueled by AI-generated attacks, the Mid-Year
Assessment revealed a 341% increase in malicious phishing
link, BEC, QR Code and attachment-based email and multi-channel
messaging threats in the last six months alone. This was on top of
a staggering 856% increase in malicious email and messaging
threats over the prior 12 months. And, since the launch
of ChatGPT in November
2022, there has been a 4,151% increase in malicious phishing
messages sent.
"Humans have been, and will continue to be, the weakest point in
any organization's security," said Patrick
Harr, CEO, SlashNext. "There is a reason threat actors
continue to iterate on tactics like phishing that have been around
for decades – they are highly effective. According
to Verizon's 2024 Data Breach Investigations Report, humans
are increasingly falling for phishing attacks and it now takes a
median time of only 21 seconds for a user to click on a malicious
link, and only another 28 seconds to then enter their personal
data. We know from our research these attacks are getting a boost
from generative AI tools that are readily available. Threat actors
are using gen AI to customize messages for their victims, write
more convincing messages, and dramatically accelerate the speed and
volume of these attacks with little to no added cost."
In looking at specific threat
types, SlashNext Threat Labs found a 217% increase
in credential harvesting phishing attacks and a 29% increase in BEC
attacks in the last six months. Losses due to BEC attacks
exceeded $2.9B in 2023, at an average
cost of $137,000 per BEC incident,
according to the recent FBI IC3 Report. In
addition, mobile phones have emerged as the
most utilized and vulnerable communications channel, with
45% of all mobile threats now being reported
as SMS smishing attacks.
CAPTCHA-based attacks, particularly using CloudFlare, are
also on the rise and they are being
used to mask credential harvesting
forms. Attackers are generating thousands of domains and
implementing CloudFlare's CAPTCHAs to hide credential
phishing forms from security protocols that are unable to bypass
theCAPTCHAs.
"Leveraging legitimate services like Microsoft Sharepoint,
AWS, and Salesforce to hide phishing and malware is another
favorite tactic employed by threat actors because it preys on
users' trust in these tools," continued Harr. "In addition to
CAPTCHA-based attacks, QR code-based attacks are growing in
popularity and now comprise 11% of all malicious emails – often
embedded in legitimate infrastructures. The onus should not be on
users to identify and avoid sophisticated attacks, especially when
the research proves that relying on training and traditional
cybersecurity tools is ineffective against modern attack tactics.
It's time to fight AI with AI and implement AI-powered email and
messaging security tools that keep malicious messages out of users'
inboxes altogether."
To counter the growing sophistication of these cyberattacks, the
SlashNext advanced gen AI security platform is specifically
engineered to identify, anticipate and block complex BEC threats,
phishing, and ransomware. Utilizing generative AI, natural language
parallel prediction, computer vision, relationship graphs, and
contextual analysis, the platform achieves an industry-leading
detection rate of 99.99%. Discover more about the SlashNext
platform and schedule a demo.
Download the full 2024 Mid-Year Assessment to The State of
Phishing report.
SlashNext is cohosting a live webinar with the FBI on
Wednesday, May 22 at 11 a.m. PT that will discuss key revelations from
the 2024 FBI Internet Crime Complaint Center Report. Register
for the live webinar, "BEC, Gen AI and the FBI 2024 IC3 Report:
Exploring the Most Dangerous Cybercrime."
About SlashNext
SlashNext's mission is to protect millions of organizations
worldwide against the dangers of BEC, phishing and other cybercrime
attacks in all email, mobile and web messaging and communication
channels. Deployed in minutes, the SlashNext Complete™ integrated
cloud email, mobile and web messaging security platform utilizes
patented SlashNext AI technology to detect, predict and stop
real-time messaging threats, SPAM and Graymail with extraordinary
99.99% accuracy in Microsoft 365, SMS/Text, Gmail, LinkedIn,
WhatsApp, Telegram, Slack, Teams, and over 3K+ messaging and
communication apps. SlashNext is trusted by global organizations
with over eight million mailboxes, endpoints and APIs protected. Be
extraordinary and take advantage of SlashNext's Integrated Cloud
Messaging Security for email, browser, and mobile to protect your
organization from BEC, phishing and cybercrime
today. www.SlashNext.com
Media Contact
Emily Ashley
ICR-Lumina for SlashNext
SlashNext@luminapr.com
View original content to download
multimedia:https://www.prnewswire.com/news-releases/slashnext-mid-year-state-of-phishing-report-shows-341-increase-in-bec-and-advanced-phishing-attacks-302152148.html
SOURCE SlashNext