Curated by THEOUTPOST
On Thu, 19 Dec, 12:02 AM UTC
2 Sources
[1]
SlashNext's 2024 Phishing Intelligence Report Shows Credential Phishing Attacks Increased by 703% in the Second Half of the Year
Overall, email-based attacks are up 202%, and of all embedded malicious links, 80% are previously unknown zero-day threats PLEASANTON, Calif., Dec. 18, 2024 /PRNewswire/ -- SlashNext, the leader in next-gen AI cloud email and communications security, today released its newest report titled "Prepare for 2025: 2024 Phishing Intelligence Report" to help organizations anticipate and ready themselves for scams expected in the next year. Spanning billions of analyzed threats across email and mobile channels -- including Business Email Compromise (BEC), malicious links, attachments, QR codes, and AI-driven natural language attacks -- the report offers a comprehensive look at the rapidly evolving phishing landscape and the vectors most exploited by cybercriminals in the past year, identifying necessary considerations for organizations aiming to strengthen their security defenses against these attacks in 2025. Key Findings from the 2024 Report: Credential Phishing Soars by 703%: Credential theft attacks surged dramatically in the second half of 2024, signaling a sharp escalation in the use of sophisticated phishing kits and social engineering tactics.Massive Uptick in Email-Based Attacks: Overall, email-based threats rose by 202% in the latter half of the year, with individual users receiving at least one advanced phishing link per week capable of bypassing traditional network security controls.Zero-Day Dominance: Of all embedded malicious links observed, 80% were previously unknown zero-day threats -- underscoring the limitations of static threat intelligence and signature-based detection methods.Frequent User Exposure: During peak periods, users faced an average of 3-6 threats per week, and annually, up to 600 mobile threats per user. Social engineering-based attacks rose by 141% in the last six months, reinforcing the need for real-time, adaptive security measures. "In early 2024, we witnessed a sharp spike in attacks as adversaries quickly learned to integrate AI into their phishing strategies, resulting in far higher volumes of advanced and effective threats," said Stephen Kowski, Field CTO, SlashNext. "By the second half of the year, the growth in attack volume was more gradual but still persistent. We fully anticipate this upward trajectory will continue into 2025, especially as our threat research team uncovers new, advanced phishing kits freely available on the Dark Web." Looking ahead to 2025, we expect this rapid evolution to accelerate, with AI-generated attacks becoming more sophisticated and harder to detect, while attackers increasingly target messaging platforms beyond email, including business collaboration tools, SMS, and social media. The bottom line is phishing isn't an email-only problem anymore; it is a broader messaging security problem that requires a fundamental shift in how organizations approach threat detection and prevention. The volatile nature of threat categories -- ranging from novel phishing links and cleverly disguised attachments to expertly engineered natural language scams -- means that what's effective for attackers can change on a near-weekly basis. "Traditional security measures are overwhelmed by the sheer volume and adaptability of these threats," continued Kowski. "Organizations need a comprehensive, proactive security strategy backed by real-time detection and mitigation technologies to stay ahead of increasingly agile attackers." Read the full 2024 Phishing Intelligence Report and learn more about how organizations can prepare for the 2025 phishing landscape. About SlashNext SlashNext's mission is to protect individuals and organizations worldwide against the dangers of BEC, phishing, ransomware and other cybercrime attacks across all email, mobile, and web messaging channels. The SlashNext Completeâ„¢ integrated cloud email, mobile, and web messaging security platform utilizes patented SlashNext AI to detect, predict, and stop real-time messaging threats with extraordinary accuracy. Trusted by global organizations, SlashNext protects millions of mailboxes, endpoints, and APIs. Visit www.SlashNext.com to take advantage of SlashNext's award-winning Integrated Cloud Messaging Security service to safeguard your organization from BEC phishing and cybercrime today. Emily Ashley ICR-Lumina for SlashNext SlashNext@luminapr.com View original content to download multimedia:https://www.prnewswire.com/news-releases/slashnexts-2024-phishing-intelligence-report-shows-credential-phishing-attacks-increased-by-703-in-the-second-half-of-the-year-302334475.html SOURCE SlashNext Market News and Data brought to you by Benzinga APIs
[2]
SlashNext report warns of eightfold rise in credential phishing as AI drives sophistication - SiliconANGLE
SlashNext report warns of eightfold rise in credential phishing as AI drives sophistication A new report released today by phishing protection company SlashNext Inc. highlights a sharp escalation in phishing attacks as 2024 comes to a close, with a staggering eightfold increase in the second half of the year. The Prepare for 2025: 2024 Phishing Intelligence Report is based on an analysis of billions of threats across email, mobile and messaging platforms. It takes a deep dive into the rapidly evolving phishing landscape and the tactics cybercriminals use to exploit emerging vulnerabilities. The company says headline finding of a 703% rise in credential phishing attacks during the second half of 2024 indicates the increasing sophistication of cybercriminal tactics. The surge was found to have been driven by the widespread availability of advanced phishing kits on the dark web, the shady corner of the internet where scammers and cyber criminals sell user data, that allows attackers to automate and scale up their efforts. The SlashNext researchers also note that the rise of generative artificial intelligence has also allowed phishing campaigns to deploy highly convincing, personalized attacks that make it easier to bypass traditional security measures and deceive users. Email-based attacks were found to have surged more than threefold in the second half of 2024, driven by increasingly sophisticated phishing techniques and the use of AI to craft convincing, targeted messages. Attackers were found to be exploiting advanced phishing kits and zero-day links that evade traditional security controls, allowing malicious content to reach inboxes undetected. Other findings in the report include zero-day threats, those not yet patched with updated software, now dominating the phishing landscape, with 80% of malicious links identified as previously unknown. The threats, often generated moments before deployment using AI and automation tools, bypass traditional security measures reliant on signature-based detection. Users also faced significant exposure to phishing threats in 2024, with an average of three to six attacks per week during peak periods and up to 600 mobile threats annually. The attacks faced by users on their devices often bypass traditional defenses, exposing them to advanced social engineering tactics and malicious links. The consistent frequency of the threats is noted as underscoring an urgent need for organizations to implement real-time, adaptive security measures to protect users from the relentless and evolving nature of phishing campaigns. "In early 2024, we witnessed a sharp spike in attacks as adversaries quickly learned to integrate AI into their phishing strategies, resulting in far higher volumes of advanced and effective threats," said Stephen Kowski, field chief technology officer at SlashNext. "By the second half of the year, the growth in attack volume was more gradual but still persistent." Looking ahead to 2025, SlashNext expects the rapid evolution of phishing attacks to accelerate, driven by increasingly sophisticated AI-generated threats that are harder to detect. Attackers are expanding beyond email to target messaging platforms such as business collaboration tools, SMS and social media, making phishing a broader messaging security problem. "Traditional security measures are overwhelmed by the sheer volume and adaptability of these threats," Kowski added. "Organizations need a comprehensive, proactive security strategy backed by real-time detection and mitigation technologies to stay ahead of increasingly agile attackers."
Share
Share
Copy Link
SlashNext's 2024 Phishing Intelligence Report highlights a dramatic rise in AI-driven phishing attacks, with credential theft attempts soaring by 703% in the latter half of the year. The report underscores the growing sophistication of cybercriminal tactics and the urgent need for advanced security measures.
SlashNext, a leader in AI-powered cloud email and communications security, has released its "Prepare for 2025: 2024 Phishing Intelligence Report," revealing a startling surge in phishing attacks throughout 2024. The report, which analyzed billions of threats across various communication channels, highlights the rapid evolution of cybercriminal tactics and the growing role of artificial intelligence in shaping the threat landscape 1.
The most alarming finding is the 703% increase in credential phishing attacks during the second half of 2024. This eightfold rise is attributed to the widespread availability of advanced phishing kits on the dark web, enabling attackers to automate and scale their operations significantly 2.
Overall email-based attacks saw a 202% increase in the latter half of the year. The report reveals that 80% of embedded malicious links were previously unknown zero-day threats, highlighting the limitations of traditional signature-based detection methods 1.
The integration of generative AI into phishing strategies has led to highly convincing, personalized attacks that easily bypass traditional security measures. This technological advancement has allowed cybercriminals to craft targeted messages that are increasingly difficult to distinguish from legitimate communications 2.
During peak periods, users faced an average of 3-6 threats per week, with up to 600 mobile threats annually per user. This consistent exposure underscores the need for real-time, adaptive security measures to protect against the relentless nature of modern phishing campaigns 1.
The report indicates that phishing is no longer just an email problem. Attackers are increasingly targeting messaging platforms beyond email, including business collaboration tools, SMS, and social media. This expansion requires a fundamental shift in how organizations approach threat detection and prevention 1.
Stephen Kowski, Field CTO at SlashNext, predicts that the rapid evolution of phishing attacks will accelerate into 2025, with AI-generated attacks becoming more sophisticated and harder to detect. The volatile nature of threat categories means that effective attack methods can change on a near-weekly basis 2.
The report emphasizes that traditional security measures are overwhelmed by the volume and adaptability of these threats. Organizations are urged to implement comprehensive, proactive security strategies backed by real-time detection and mitigation technologies to stay ahead of increasingly agile attackers 1 2.
CrowdStrike's latest report reveals a 150% increase in China-linked cyberattacks and a significant rise in AI-powered threats, highlighting evolving cybersecurity challenges for 2025.
6 Sources
6 Sources
As AI technology advances, cybercriminals are leveraging it to create more sophisticated and personalized social engineering attacks, posing significant challenges for organizations, especially SMEs and supply chains.
3 Sources
3 Sources
AI-generated phishing emails are becoming increasingly sophisticated, targeting executives and individuals with hyper-personalized content. This new wave of cyber attacks poses significant challenges for email security systems and users alike.
9 Sources
9 Sources
Kaspersky explores how AI is revolutionizing phishing attacks, making them more sophisticated and difficult to detect, posing a significant threat even to experienced employees.
2 Sources
2 Sources
Check Point Software's annual report highlights a significant increase in cyber-attacks, the rising role of AI in cybercrime, and provides key insights for cybersecurity professionals to navigate the evolving threat landscape.
2 Sources
2 Sources
The Outpost is a comprehensive collection of curated artificial intelligence software tools that cater to the needs of small business owners, bloggers, artists, musicians, entrepreneurs, marketers, writers, and researchers.
© 2025 TheOutpost.AI All rights reserved