The evolving threat landscape: Staying ahead of phishing attack trends

0
13

Email security is on cybersecurity leaders’ minds. 95% of CISOs are stressed about it, and with 94% of organizations experiencing incidents in the past year, it’s well justified. Phishing (predictably) tops the list of CISOs’ concerns, with email giving cybercriminals a direct line to every employee. Additionally, phishing isn’t a static threat: it can’t be patched away like a software vulnerability and, in an ever-evolving threat landscape, CISOs have struggled to determine who the next target will be, what threats will evade their existing defenses, and how and why they’re being targeted. Gone are the days of effectively managing phishing through blocklists and telling people to look out for awful typos and complicated sender email domains; cybercriminal gangs now use an arsenal of techniques and technologies to improve their success rates in bypassing both the technical and human layers.

Jack Chapman

VP of Threat Intelligence at Egress.

In 2023, cybersecurity teams worldwide witnessed a staggering increase in QR code phishing, known as “quishing,” which rapidly climbed up the list of their primary concerns. These attacks were not only prolific but also highly effective, demonstrating how cybercriminals can deftly exploit new technologies and consumer complacency at scale. In 2021 and 2022, QR code payloads in phishing emails accounted for a mere 0.8% and 1.4% of attacks, respectively. By 2023, this figure had surged to 12.4%, and it continued at 10.8% in Spring 2024. This quishing boom is anticipated to persist until most organizations implement robust defenses against this type of attack, reducing cybercriminals’ returns and forcing them to utilize other tactics.

LEAVE A REPLY

Please enter your comment!
Please enter your name here