Phishing Attacks Surge As Cyber Criminals Exploit New AI Tools

Phishing campaigns worldwide rose nearly 50% in 2022 compared to 2021 driven partly by phishing kits and new AI tools accessible to threat actors, according to zero trust security vendor Zscaler’s ThreatLabz Phishing Report. The company believes that the 2022 increase compared to 2021 was likely driven partly by phishing kits and new AI tools that are now accessible to threat actors. 

AI tools can help threat actors craft convincing phishing messages that are devoid of some of the typical flags of a phishing attempt. 

According to ZScaler 65% of phishing attacks worldwide occurred in the US, and the education sector experienced a 576% increase. Additionally, the finance sector experienced a significant increase in phishing attacks. Their report highlights recent trends in phishing and attackers continue to rely on stolen credentials to leverage attacks but have integrated new techniques with AI tools such as ChatGPT.

The ZScaler report found that most modern phishing attacks rely on stolen credentials and outlined the growing threat from Adversary-in-the-Middle (AitM) attacks, increased use of the InterPlanetary File System (IPFS). This is a distributed peer-to-peer file system that allows users to store and share files on a decentralised network of computers, as well as reliance on phishing kits sourced from black markets and AI tools like ChatGPT.

The development of phishing has been considerably aided by AI tools like ChatGPT and phishing kits, which have lowered the technological entry barriers for thieves and saved them time and resources. 

According to the paper, “large language models, such as ChatGPT, have made it simpler for cyber criminals to create harmful code, Business Email Compromise (BEC) assaults, and produce polymorphic malware that makes it more difficult for victims to recognise phishing.

A phishing page stored on IPFS is far more challenging to remove due to the peer-to-peer nature of the network. A significant phishing campaign that uses adversary-in-the-middle attacks was just detected by ThreatLabz. AiTM attacks employ strategies that can defeat standard multi-factor authentication procedures.

These findings are based on a year’s worth of global data from the Zscaler security cloud, which monitors over 280 billion transactions daily across the globe, from January 2022 through December 2022.The US, the UK, the Netherlands, Russia, and Canada were the top five most targeted nations. The research lists some brands most frequently replicated as Microsoft, Binance, Netflix, Facebook, and Adobe. 

Because they can successfully resemble legitimate messages, these AI-driven phishing efforts are more challenging to spot and defeat, which increases the likelihood that victims would fall for the scams.  For instance, the survey revealed an increase in bad actors who use vishing and recruiting scams to target job searchers. 

Researchers at Zscaler predict that threat actors will use AI tools more regularly to find fresh targets for phishing scams and they expect to see more sophisticated scams in various forms of communication, including websites, SMS, and email. 

ZScaler:    SDXCentral:    Oodaloop:      Infosecurity Magazine:   Information Security Buzz:  

You Might Also Read: 

AI Is Creating New Mobile Scamming Threats:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Retrofixing The Remote Workforce
Cyber Security And Ransomware Attacks - Problems & Solutions »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ON-DEMAND WEBINAR: 2024 and beyond: Top six cloud security trends

ON-DEMAND WEBINAR: 2024 and beyond: Top six cloud security trends

Learn about the top cloud security trends in 2024 and beyond, along with solutions and controls you can implement as part of your security strategy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Renaissance

Renaissance

Renaissance is Ireland's premier value added distributor of IT security solutions and a leading independent provider of business continuity consultancy.

Micro Focus

Micro Focus

Micro Focus is one of the world’s largest enterprise software providers. We deliver trusted and proven mission-critical software that keeps the digital world running.

Engage Black

Engage Black

Engage Black provides solutions for securing and protecting cryptographic keys, data at rest, and data in motion.

AppSec Labs

AppSec Labs

AppSec Labs specialise in application security. Our mission is to raise awareness in the software development world to the importance of integrating software security across the development lifecycle.

OnSystem Logic

OnSystem Logic

OnSystem Logic has developed a unique, patent-pending solution to solve the problem of the exploitation of flaws in application software as a technique for cyber attacks.

Multitel

Multitel

Multitel is an independent research centre. We develop and integrate emerging technologies into the industrial fabric at the regional and international levels.

Mphasis

Mphasis

Mphasis is a leading applied technology services company applying next-generation technology to help enterprises transform businesses globally.

SpecterOps

SpecterOps

SpecterOps has unique insight into the cyber adversary mindset and brings the highest caliber, most experienced resources to assess your organizations defenses.

Axur

Axur

Discover and eliminate digital fraud and risks on the web. Utilize Axur’s entire AI potential, along with thousands of bots dispersed throughout the surface web as well as the deep and dark web.

Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE)

Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE)

CMMC COE is an IT-AAC sponsored public–private partnership that will be the focal point for entities seeking to achieve Cybersecurity Maturity Model Certification.

Cyber Dacians

Cyber Dacians

Cyber Dacians offers Information and Cyber Security Consulting Services. We help you to test the effectiveness of your security defenses and build a secure infrastructure.

Cyber Suraksa

Cyber Suraksa

We make security simple and hassle-free by offering a sustained and secure IT environment with next-gen cybersecurity solutions through a scalable security-as-a-service model.

WBM Technologies

WBM Technologies

WBM Technologies is a Western Canadian leader in the provision of outcomes-driven information technology solutions.

BreachBits

BreachBits

BreachBits are on a mission to deliver world-class cyber risk insights continuously at scale in situations where knowing the true risk truly matters.

Iron Mountain

Iron Mountain

Iron Mountain Incorporated is a global business dedicated to storing, protecting and managing, information and assets.

Enterprise Strategy Group

Enterprise Strategy Group

Enterprise Strategy Group, a division of TechTarget, is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.