- Phishing attacks are not limited to the inbox: attacks on the calendar and Teams are also very common
- AI is believed to make phishing attacks seven times more efficient
- Internal identity theft is a growing threat
New data claims that 86% of all phishing attacks are now powered by artificial intelligence, meaning that for the first time in a long time, they are becoming much more sophisticated.
With an increase in scale and automation comes the power to attack on more surfaces: over the past six months, KnowBe4 says it has seen a 49% increase in calendar invite attacks.
This shows that email inboxes are no longer the only attack surface, and that collaboration tools, calendar invites, and messaging platforms are equally at risk.
Article continues below.
Phishing breaks into the inbox on a large scale
During the same six-month period, KnowBe4 also saw a 41% increase in attacks on Microsoft Teams and a 139% increase in reverse proxy attacks targeting Microsoft 365 credentials.
The report details how cybercriminals can use AI to generate personalized and realistic phishing messages to the point that they are expected to be around 7 times more efficient than manual attacks. Deepfakes covering both audio and video also pose a security risk, and nearly one in three (30%) attacks involve internal impersonation, such as that of a manager.
“Social engineering is becoming more targeted, making it more difficult to discern what is legitimate and what is malicious,” explained Jack Chapman, senior vice president at Threat Intelligence.
Some of the common tactics KnowBe4 saw employed included impersonating IT, HR and C-suite executives, and instilling a sense of urgency around deadlines.
In addition to increasing the sophistication of attacks, the report also covers how AI has democratized phishing attacks to reach more people, effectively lowering the barrier to entry. Out of this trend emerged phishing as a service, which automates the entire attack lifecycle without attackers needing to understand the ins and outs of an attack.
While the report focuses more on current trends than solutions, KnowBe4 calls for a “holistic ecosystem powered by deep behavioral analytics and real-time threat intelligence” whereby workers are also considered a line of defense to detect and prevent phishing attacks.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
