According to a study by Egress, at least 94 percent of businesses were affected by phishing attacks in 2023, a 40 percent increase from the previous year.
What’s behind the surge in phishing? One popular answer is artificial intelligence, specifically generative artificial intelligence, which has made it significantly easier for threat actors to create content they can use in phishing campaigns, such as malicious emails and, in more sophisticated cases, deepfake video. Also, AI can help write malicious software that threat actors often install on their victims’ computers and servers as part of phishing campaigns.
Phishing as a service, or PhaaS, is another development sometimes cited to explain why phishing threats have reached an all-time high. By allowing would-be attackers to hire skilled operators to run phishing campaigns, PhaaS makes it easy for anyone with a grudge – or a desire to steal money from unsuspecting victims – to launch phishing attacks.
Phishing has become agile
A true understanding of what’s behind the surge in phishing calls for an analysis of how threat actors are using AI and PhaaS to operate in new ways – specifically, to respond more quickly to changing events.
In the past, the time and effort required to create phishing content manually (as opposed to using generative AI) made it difficult for threat actors to capitalize on unforeseen events to launch high-impact campaigns. Likewise, without PhaaS solutions, groups that wanted to target an organization with phishing often didn’t have a quick and easy way to launch an attack. However, recent events show that this is changing.
See popular TTPs for phishing and impersonation in the Guide to protection against phishing and impersonation.
Phishing attacks targeting developing events
Phishing has a habit of attaching itself to current world events in order to exploit the excitement or fear associated with them. This is especially true of fast-developing events like the CrowdStrike Blue Screen of Death (BSOD) incident.
Phishing after the CrowdStrike BSOD
CrowdStrike, a cybersecurity provider, released a faulty update on July 19, causing Windows machines to fail to boot properly and leaving users staring at the infamous Blue Screen of Death (BSOD).
CrowdStrike fixed the issue relatively quickly, but not before threat actors began launching phishing campaigns aimed at taking advantage of individuals and businesses looking for a solution. Within the first day of the CrowdStrike incident, Cyberint discovered 17 typosquatted domains related to it. At least two of these domains copied and republished the CrowdStrike workaround in what appeared to be an attempt to collect donations via PayPal. Following the breadcrumbs, Cyberint traced the donation page to a software engineer named Alexander Skuratovich, who had also posted the site on his LinkedIn page.
Efforts to profit by collecting donations for a patch that originated elsewhere were among the milder attempts to take advantage of the CrowdStrike incident. Other typosquatted domains claimed to offer a fix (which CrowdStrike provided for free) in exchange for payments of up to €1,000. The domains were taken down, but not before organizations fell victim to them. Cyberint’s analysis shows that the crypto wallet associated with the scheme collected around €10,000.
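Spotting typosquatted domains within a day of an incident, as Cyberint did here, is a check a defender can automate. The following is an added example, not code from the article or from Cyberint: a small Python triage routine that flags observed domains impersonating a brand label through digit homoglyphs, an embedded brand name, or a small edit distance; the brand name, the sample domain list and the distance threshold are constructed assumptions.

```python
from typing import Dict, List, Optional

# Digits attackers substitute for look-alike letters; folding them lets
# "cr0wdstrike" be compared against "crowdstrike". Constructed table.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def fold(label: str) -> str:
    """Normalize a DNS label: lowercase, fold digit homoglyphs, 'rn' -> 'm'."""
    return label.lower().translate(HOMOGLYPHS).replace("rn", "m")

def levenshtein(a: str, b: str) -> int:
    """Edit distance with unit cost for insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable_label(domain: str) -> str:
    """Second-level label only: 'crowdstrike-fix.com' -> 'crowdstrike-fix'."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def classify(domain: str, brand: str = "crowdstrike", max_dist: int = 2) -> Optional[str]:
    """Return why the domain looks like the brand, or None if it does not."""
    raw = registrable_label(domain)
    if raw == brand:
        return None  # the brand's own label (under any TLD) is not a look-alike
    label, target = fold(raw), fold(brand)
    if label == target:
        return "homoglyph"       # e.g. cr0wdstrike
    if target in label:
        return "brand-embedded"  # e.g. crowdstrike-fix, crowdstrikebsod
    if levenshtein(label, target) <= max_dist:
        return "typo"            # e.g. crowdstike (one letter dropped)
    return None

def triage(domains: List[str], brand: str = "crowdstrike") -> Dict[str, str]:
    """Map every suspicious observed domain to the reason it was flagged."""
    return {d: r for d in domains if (r := classify(d, brand))}

if __name__ == "__main__":
    # Constructed sample of newly observed domains; none are real indicators.
    observed = ["crowdstrike.com", "crowdstrike-fix.com", "cr0wdstrike.net",
                "crowdstike.com", "example.org", "crowdstrikebsod.help"]
    for dom, reason in triage(observed).items():
        print(f"{dom:24s} {reason}")
```

In practice the `observed` list would be fed from a newly-registered-domain or certificate-transparency feed, and hits would go to a takedown or blocklist workflow.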
Phishing attacks in response to planned events
When it comes to planned events, attacks are often more varied and detailed. Threat actors have more time to prepare than after unexpected events like the CrowdStrike crash.
Phishing at the Olympics
Phishing attacks related to the 2024 Paris Olympics also demonstrated the ability of threat actors to run more effective campaigns by tying them to current events.
As one example of attacks in this category, Cyberint detected phishing emails claiming that the recipients had won tickets to the Games and that to collect the tickets they had to make a small payment to cover the cost of shipping.
However, when recipients entered their financial information to pay the fee, the attackers used it to impersonate victims and make purchases from their accounts.
In another example of Olympic-related phishing, criminals in March 2024 registered a professional-looking website that claimed to offer tickets for sale. It was actually a scam.
Although the site was not very old and therefore did not have strong domain authority based on its history, it ranked high in Google searches, making it more likely that people searching for Olympic tickets online would fall for the scam.
Phishing and football
Similar attacks played out during the Euro 2024 football championship. In particular, threat actors launched fraudulent mobile applications impersonating UEFA, the sports association that organized the event. Because the apps used the organization’s official name and logo, it was easy for some people to assume they were legitimate.
It’s worth noting that these apps weren’t listed in the app stores run by Apple or Google, which typically detect and remove malicious apps (although there’s no guarantee they’ll do so quickly enough to prevent abuse). They were available through unregulated third-party app stores, which made them harder for consumers to stumble upon, but most mobile devices have no controls that would block such an app once a user visits a third-party store and downloads it.
Phishing and recurring events
When it comes to recurring events, phishers also know how to take advantage of situations to launch powerful attacks.
For example, gift card fraud, non-payment fraud, and fake order receipts surge during the holiday season. So do phishing scams that try to lure victims into applying for fake seasonal jobs in an attempt to collect their personal information.
The holidays create a perfect storm for phishing due to increased online shopping, attractive offers and a flood of promotional emails. Fraudsters use these factors to cause significant financial and reputational damage to businesses.
When it comes to phishing, time is of the essence
Unfortunately, AI and PhaaS have made phishing easier, and we should expect threat actors to continue to use such strategies.
See Guide to protection against phishing and impersonation for strategies that businesses and individuals can adopt.
However, businesses can anticipate spikes in attacks in response to certain events or (in the case of recurring phishing campaigns) times of year and take steps to mitigate the risk.
For example, they can teach employees and consumers to be extra careful when responding to content related to a current event.
Although artificial intelligence and PhaaS have made phishing easier, businesses and individuals can still protect themselves against these threats. By understanding the tactics used by threat actors and implementing effective security measures, you can reduce your risk of becoming a victim of phishing attacks.