Artificial Intelligence | News | Insights | AiThority
[bsfp-cryptocurrency style=”widget-18″ align=”marquee” columns=”6″ coins=”selected” coins-count=”6″ coins-selected=”BTC,ETH,XRP,LTC,EOS,ADA,XLM,NEO,LTC,EOS,XEM,DASH,USDT,BNB,QTUM,XVG,ONT,ZEC,STEEM” currency=”USD” title=”Cryptocurrency Widget” show_title=”0″ icon=”” scheme=”light” bs-show-desktop=”1″ bs-show-tablet=”1″ bs-show-phone=”1″ custom-css-class=”” custom-id=”” css=”.vc_custom_1523079266073{margin-bottom: 0px !important;padding-top: 0px !important;padding-bottom: 0px !important;}”]

QR Code-Based Attacks Are Growing in Popularity; Now Comprise 11% of All Malicious Emails

SlashNext Mid-Year State of Phishing Report Shows 341% Increase in BEC and Advanced Phishing Attacks

Alarming spike in phishing, BEC and other message-based attacks fueled by weaponization of Generative AI tools

Security solutions platform SlashNext released its 2024 Mid-Year Assessment on The State of Phishing, mentioning the rise of cyber attacks related to QR codes. This report is an update to SlashNext’s annual State of Phishing report, which the SlashNext Threat Labs team last issued in October 2023. The surge in phishing attacks reported at that time prompted the team to conduct another comprehensive analysis at the six-month mark to determine if the upward trend was persisting, especially as threat actors continue to leverage generative AI tools to aid their phishing, business email compromise (BEC) and other social engineering attacks. 

Recommended: AI-powered Cyber Attacks Cast Unprecedented Threats on IT Leadership

Cybersecurity threat trends [Source: SlashNext]
Cybersecurity threat trends [Source: SlashNext]

Fueled by AI-generated attacks, the Mid-Year Assessment revealed a 341% increase in malicious phishing link, BEC, QR Code and attachment-based email and multi-channel messaging threats in the last six months alone. This was on top of a staggering 856% increase in malicious email and messaging threats over the prior 12 months. And, since the launch of ChatGPT in November 2022, there has been a 4,151% increase in malicious phishing messages sent.  

Top AI ML AiThority.com News: AI Safety Summit 2024

“Humans have been, and will continue to be, the weakest point in any organization’s security,” said Patrick Harr, CEO, SlashNext. “There is a reason threat actors continue to iterate on tactics like phishing that have been around for decades – they are highly effective. According to Verizon’s 2024 Data Breach Investigations Report, humans are increasingly falling for phishing attacks and it now takes a median time of only 21 seconds for a user to click on a malicious link, and only another 28 seconds to then enter their personal data. We know from our research these attacks are getting a boost from generative AI tools that are readily available. Threat actors are using gen AI to customize messages for their victims, write more convincing messages, and dramatically accelerate the speed and volume of these attacks with little to no added cost.”

Related Posts
1 of 40,572

 In looking at specific threat types, SlashNext Threat Labs found a 217% increase in credential harvesting phishing attacks and a 29% increase in BEC attacks in the last six months. Losses due to BEC attacks exceeded $2.9B in 2023, at an average cost of $137,000 per BEC incident, according to the recent FBI IC3 Report. In addition, mobile phones have emerged as the most utilized and vulnerable communications channel, with 45% of all mobile threats now being reported as SMS smishing attacks. 

CAPTCHA-based attacks, particularly using CloudFlare, are also on the rise and they are being used to mask credential harvesting forms. Attackers are generating thousands of domains and implementing CloudFlare’s CAPTCHAs to hide credential phishing forms from security protocols that are unable to bypass theCAPTCHAs. 

“Leveraging legitimate services like Microsoft Sharepoint, AWS, and Salesforce to hide phishing and malware is another favorite tactic employed by threat actors because it preys on users’ trust in these tools,” continued Harr.

Patrick added, “In addition to CAPTCHA-based attacks, QR code-based attacks are growing in popularity and now comprise 11% of all malicious emails – often embedded in legitimate infrastructures. The onus should not be on users to identify and avoid sophisticated attacks, especially when the research proves that relying on training and traditional cybersecurity tools is ineffective against modern attack tactics. It’s time to fight AI with AI and implement AI-powered email and messaging security tools that keep malicious messages out of users’ inboxes altogether.”  

To counter the growing sophistication of these cyberattacks, the SlashNext advanced gen AI security platform is specifically engineered to identify, anticipate and block complex BEC threats, phishing, and ransomware. Utilizing generative AI, natural language parallel prediction, computer vision, relationship graphs, and contextual analysis, the platform achieves an industry-leading detection rate of 99.99%.

Hot Startups in AI ML Industry: Read What This Off-road Autonomy Vehicle Software Startup is Doing after a $10M Seed Funding

[To share your insights with us as part of editorial or sponsored content, please write to sghosh@itechseries.com]

Comments are closed.