New and evolving phishing attacks using AI platforms like ChatGPT are causing major issues

Phishing attacks are one of the most significant threats that organizations face today. As businesses increasingly rely on digital communication channels, cybercriminals exploit email, SMS, and voice communication vulnerabilities to launch sophisticated phishing attacks. Moreover, with the COVID-19 pandemic leading to a surge in remote work over the past several years, the risk of phishing attacks has only increased.

NETSCOUT

The 2023 Zscaler ThreatLabz Phishing Report reveals that phishing attacks are still on the rise, detailing a 47.2% increase in phishing attacks in 2022 compared to the previous year, a result of cybercriminals using increasingly sophisticated techniques to launch large-scale attacks. Additionally, education was the most targeted industry in 2022, with attacks increasing by 576%, while the retail and wholesale sectors dropped by 67% from 2021.

NETSCOUT

Microsoft brands, including OneDrive and Sharepoint, along with crypto exchange Binance and illegal streaming services, were targeted the most. The United States, the United Kingdom, the Netherlands, Russia, and Canada were the top five most targeted countries. Based on the analysis of 280 billion daily transactions and 8 billion daily blocked attacks, the report highlights the growing use of phishing kits and AI tools to launch highly effective campaigns that bypass traditional security models, including MFA.

Zscaler ThreatLabz publishes this report annually to help organizations recognize the social engineering tactics and sophisticated coding used in phishing attacks to prevent costly data breaches. The findings continue to emphasize the need for organizations to re-examine their cybersecurity infrastructure and take proactive measures to mitigate the growing threat of phishing scams and the techniques they leverage.

For example, this year’s report identifies the rise in phishing kits sourced from black markets and chatbot AI tools like ChatGPT, which allow attackers to quickly develop more targeted phishing campaigns that manipulate users into sharing their security credentials. With the increased prevalence of AI and PaaS offerings, cybercriminals can easily compromise institutions and access sensitive data for extortion.

The report also highlights the evolution of phishing attacks beyond SMS phishing (SMiShing) to using voicemail-related phishing (Vishing) to lure victims into opening malicious attachments. Additionally, sophisticated adversary-in-Middle (AiTM) attacks are helping attackers bypass multi-factor authentication (MFA security measures).

To combat these threats, organizations must adopt a Zero Trust architecture that significantly minimizes the attack surface, prevents compromise, and reduces the blast radius in case of a successful attack. In addition, organizations can ensure that every user, application, device, and network is verified by implementing a Zero Trust approach before being granted access to sensitive data.

The 2023 report also provides actionable insights and expert advice on how organizations can employ security best practices to protect themselves from phishing attacks. It highlights the importance of educating employees on the risks of phishing and the need for strong password policies and MFA. Additionally, the report recommends implementing a cloud-based email security solution that uses AI and machine learning to detect and block phishing attacks.

To learn more about the latest phishing threats and how to protect your organization, download the 2023 Zscaler ThreatLabz Phishing Report.