A recent report has unveiled a significant and concerning trend in cybersecurity. The report, compiled by SlashNext Threat Labs, reveals a staggering 1265% surge in malicious phishing emails since Q4 2022. This annual report spans a 12-month analysis of threats across various channels, including email, mobile, and browsers, from Q4 2022 to Q3 2023. It also underscores a notable 967% increase in credential phishing attacks.
One of the key drivers behind this alarming increase in phishing threats, according to Patrick Harr, the CEO of SlashNext, is the growing role of generative AI. He explains that threat actors have been harnessing tools like ChatGPT to craft sophisticated and highly targeted Business Email Compromise (BEC) and other phishing messages. The sharp uptick in these threats, coinciding with the launch of ChatGPT, is not merely a coincidence but rather a testament to the impact of generative AI on cyber threats.
Harr clarifies that the intention is not to exaggerate the dangers of generative AI but to help both customers and the broader cybersecurity community grasp the true risks and respond effectively.
The report’s findings also include an average of 31,000 daily phishing attacks. A significant portion of that, 68%, is identified as text-based BEC attacks. A survey involving over 300 cybersecurity professionals indicated that 46% of respondents had encountered BEC attacks.
Furthermore, 77% of these cybersecurity professionals have been the targets of phishing attempts. With 28% of those attacks were delivered via text messages, categorized as SMS phishing (Smishing). This highlights the evolving threat landscape, focusing increasingly on mobile-based and multi-stage attacks.
The report underlines the urgency for organizations to adopt comprehensive protective measures. This includes increasingly relying on AI-driven solutions to counter the proliferation of AI-fueled cyber threats. The landscape is rapidly shifting with the introduction of AI but it can also be used to defend against sophisticated attacks. Effective training continues to provide protection against AI-generated threats.
This report reminds us (again) of the need for heightened cybersecurity measures. Vigilance, training, and proactive security measures are more critical than ever to defend against the growing sophistication of phishing attacks.