Egress’ second 2024 Phishing Threat Trends Report analyses what’s selling on the dark web, how one organisation escaped an advanced persistent threat and how organisations are being phished in 2024.
Egress, a KnowBe4 company, recently launched its latest Phishing Threat Trends Report (October 2024), which examines the most recent phishing statistics and threat intelligence insights.
The report explores how cybercriminals commercialise their activities through phishing toolkits, the tactics employed during large-scale commodity attacks, the multi-step process of advanced persistent threat campaigns and the methods of impersonating brands and individuals.
Key stats from the Phishing Threat Trends Report (October 2024)
- 28% increase in phishing emails sent between April 1 – June 30 vs January 1 – March 31, 2024
- 82% of phishing toolkits mentioned deepfakes and 74.8% referenced AI
- During a commodity attack, on average organisations experience a 2,700% increase in phishing attacks compared to the normal baseline
- 72.3% of commodity attacks used a hyperlink as their payload, followed by QR codes at 14.0%
- 89% of phishing emails involve impersonation; Adobe was the most impersonated brand, followed by Microsoft
- 14.9% of impersonation emails were classed as ‘payloadless’, relying solely on social engineering tactics
- 44% of phishing emails were sent from compromised accounts, helping them bypass authentication protocols
Phishing emails surge in Q2, as compromised accounts and hyperlinks dominate
The report reveals a 28% increase in phishing emails sent between April 1 – June 30 vs January 1 – March 31, 2024, with June seeing the highest volume of phishing emails. Over two-fifths (44%) of attacks were sent from compromised accounts to help them bypass authentication protocols, with 8% originating from an account within an organisation’s supply chain. The most prevalent payloads in these emails were hyperlinks, found in 45% of cases, followed by attachments, which appeared in 23% of the phishing emails.
Commodity attacks overwhelm cybersecurity admins
Commodity attacks – mass-produced, malicious campaigns that typically mimic spam by impersonating brands on a large scale – are rising in popularity, peaking at 13.6% of all phishing emails detected by Egress Defend in December 2023.
During a commodity campaign, organisations experience a staggering 2,700% increase in phishing attacks compared to their normal baseline. These attacks are primarily image-based, with 51.1% featuring a single graphic; often include hyperlinks (72.3%); and are highly polymorphic, randomising elements like links and display names.
This flood of unsophisticated threats creates white noise, potentially masking more sophisticated and targeted phishing attempts, making detection even harder for cybersecurity admins.
Impersonation tactics continue to prevail
The Phishing Threat Trends Report reveals that 89% of phishing emails involve impersonation, with Adobe ranking as the most impersonated brand and DHL as the most impersonated mail carrier.
Between January 1 and August 31, 2024, 26% of phishing emails impersonated brands unconnected to the recipient through an established business relationship. Among these, 9.7% impersonated phone or video conferencing providers (such as Zoom) and 5.3% impersonated mail carriers (such as UPS or DPD), frequently using ‘missed voicemail’ or ‘missed delivery’ campaigns.
The next most common impersonation attacks involved posing as the recipient’s company, accounting for 16.0% of incidents, with HR being the most frequently impersonated department.
New employees with a tenure of two to seven weeks were the most targeted individuals for phishing emails impersonating VIPs, typically as part of CEO fraud attacks. Outside of employer-related attacks, Jeff Bezos and Elon Musk were among the most impersonated celebrities.
Jack Chapman, SVP of Threat Intelligence at Egress, a KnowBe4 company, said: “The fourth edition of the Egress Phishing Threat Trends report offers eye-opening insights into the shifting landscape of phishing threats in 2024, revealing alarming trends based on data from Egress Defend and exclusive intelligence from the Egress Threat Intelligence team.
“One of the most troubling findings is the rapid commoditisation of AI in phishing toolkits, which is putting advanced threats into the hands of less sophisticated cybercriminals. Organisations must respond by adopting advanced AI defences that effectively counter these evolving threats; while ensuring they aren’t introducing new vulnerabilities by using AI for AI’s sake.
“As the old saying goes, ‘the only constant is change,’ and this is especially true in cybersecurity. As cybercriminals pivot away from one tactic that is no longer reaping the same rewards, a new one pops up to take its place. However, the report highlights one enduring reality: modern phishing threats are increasingly driven by impersonation tactics, which have become the backbone of many advanced and targeted attacks against organisations.
“The Phishing Threat Trends report is a must-read for all cybersecurity teams who want to stay ahead of emerging threats. It provides crucial insights and actionable strategies that are essential for outpacing evolving risks and securing your organisation,” added Chapman.