Phishing Attacks Surge As Cyber Criminals Exploit New AI Tools

Uploaded on 2023-05-05 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW

Phishing campaigns worldwide rose nearly 50% in 2022 compared to 2021 driven partly by phishing kits and new AI tools accessible to threat actors, according to zero trust security vendor Zscaler’s ThreatLabz Phishing Report. The company believes that the 2022 increase compared to 2021 was likely driven partly by phishing kits and new AI tools that are now accessible to threat actors. 

AI tools can help threat actors craft convincing phishing messages that are devoid of some of the typical flags of a phishing attempt. 

According to ZScaler 65% of phishing attacks worldwide occurred in the US, and the education sector experienced a 576% increase. Additionally, the finance sector experienced a significant increase in phishing attacks. Their report highlights recent trends in phishing and attackers continue to rely on stolen credentials to leverage attacks but have integrated new techniques with AI tools such as ChatGPT.

The ZScaler report found that most modern phishing attacks rely on stolen credentials and outlined the growing threat from Adversary-in-the-Middle (AitM) attacks, increased use of the InterPlanetary File System (IPFS). This is a distributed peer-to-peer file system that allows users to store and share files on a decentralised network of computers, as well as reliance on phishing kits sourced from black markets and AI tools like ChatGPT.

The development of phishing has been considerably aided by AI tools like ChatGPT and phishing kits, which have lowered the technological entry barriers for thieves and saved them time and resources. 

According to the paper, “large language models, such as ChatGPT, have made it simpler for cyber criminals to create harmful code, Business Email Compromise (BEC) assaults, and produce polymorphic malware that makes it more difficult for victims to recognise phishing.

A phishing page stored on IPFS is far more challenging to remove due to the peer-to-peer nature of the network. A significant phishing campaign that uses adversary-in-the-middle attacks was just detected by ThreatLabz. AiTM attacks employ strategies that can defeat standard multi-factor authentication procedures.

These findings are based on a year’s worth of global data from the Zscaler security cloud, which monitors over 280 billion transactions daily across the globe, from January 2022 through December 2022.The US, the UK, the Netherlands, Russia, and Canada were the top five most targeted nations. The research lists some brands most frequently replicated as Microsoft, Binance, Netflix, Facebook, and Adobe. 

Because they can successfully resemble legitimate messages, these AI-driven phishing efforts are more challenging to spot and defeat, which increases the likelihood that victims would fall for the scams.  For instance, the survey revealed an increase in bad actors who use vishing and recruiting scams to target job searchers. 

Researchers at Zscaler predict that threat actors will use AI tools more regularly to find fresh targets for phishing scams and they expect to see more sophisticated scams in various forms of communication, including websites, SMS, and email. 

ZScaler:    SDXCentral:    Oodaloop:      Infosecurity Magazine:   Information Security Buzz:  

You Might Also Read: 

AI Is Creating New Mobile Scamming Threats:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Retrofixing The Remote Workforce
Cyber Security And Ransomware Attacks - Problems & Solutions »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NCC Group

NCC Group

NCC Group is a global cyber and software resilience business operating across multiple sectors, geographies and technologies.

Netregistry

Netregistry

Safeguard your website with our range of website security products that help prevent, detect and recover from a hacking attack.

Allegro Software

Allegro Software

Allegro provide secure software for the Internet of Things.

Aeriandi

Aeriandi

Aeriandi is a leading provider of hosted PCI security compliance solutions for call centres, trusted by high street banks and major Telcos.

Optiv

Optiv

Optiv is a market-leading provider of end-to-end cyber security solutions. We help clients plan, build and run successful cyber security programs that achieve business objectives.

FinlayJames

FinlayJames

FinlayJames supports cyber security companies to meet the increasing demand and pressure on them by finding top talent within the industry for their sales, marketing and technical teams.

Odyssey

Odyssey

Odyssey is an ISO 27001 certified, Cyber -Security, Infrastructure and Risk Management Solutions integrator and a Managed Security Services Provider.

Center for Analysis & Investigation of Cyber-Attacks (CAICA)

Center for Analysis & Investigation of Cyber-Attacks (CAICA)

The Center for Analysis & Investigation of Cyber-Attacks is one of the leading Kazakhstan organisations in the field of information and computer security.

AlAnsari Technical Solutions (ATS)

AlAnsari Technical Solutions (ATS)

ATS is a Kuwait based company specialised in delivering hardware/software, Virtualisation, IP Telephony / Unified Communication, Networking and professional IT services and solutions.

Cybersec Infohub

Cybersec Infohub

Cybersec Infohub is a Hong Kong government programme to enhance the exchange of cyber security information with industry and enterprises to jointly defend against cyber attacks.

Robert Walters

Robert Walters

Robert Walters is one of the world's leading global specialist professional recruitment and recruitment process outsourcing consultancies.

HARMAN International

HARMAN International

HARMAN designs and engineers connected products and solutions for automakers, consumers, and enterprises worldwide.

AirEye

AirEye

AirEye is a leader in Network Airspace Protection (NAP). Block attacks against your corporate network launched from wireless devices in your corporate network airspace.

Intaso

Intaso

Intaso are a boutique head hunting and talent solution firm with specialist Cyber and Information Security expertise.

Spera Security

Spera Security

Spera helps identity security professionals effectively and confidently measure, prioritize and reduce identity risk to better protect the organization from identity-based attacks.

Minorities in Cybersecurity (MiC)

Minorities in Cybersecurity (MiC)

MiC was developed out of a unique passion to help fill the gap that exists in the support and development of women and minority leaders in the cybersecurity field.