- Phishing attacks aren’t just in the inbox – calendar and Teams attacks are also very common
- AI is believed to make phishing attacks about 7 times more effective
- Internal impersonation is a growing threat
New data has claimed that 86% of all phishing attacks are now powered by artificial intelligence, meaning they are becoming far more sophisticated for the first time in a long time.
With an increase in scale and automation, the power to attack comes across more surfaces – in the last six months, KnowBe4 says it has observed a 49% increase in calendar invite attacks.
This shows that email inboxes are no longer the only attack surface, with collaboration tools, calendar invitations and messaging platforms equally at risk.
The article continues below
Phishing is breaking out of the inbox on a large scale
During the same six-month period, KnowBe4 also saw a 41% increase in Microsoft Teams attacks and a 139% increase in reverse proxy attacks targeting Microsoft 365 credentials.
The report describes how cybercriminals can use artificial intelligence to generate personalized and realistic phishing messages to the point that they are expected to be around 7 times more effective than manual attacks. Spanning both audio and video, deepfakes also pose a security risk, with almost three (30%) attacks involving internal impersonation, such as of a manager.
“Social engineering is becoming more targeted, making it harder to distinguish what is legitimate from what is malicious,” explained Threat Intelligence SVP Jack Chapman.
Some of the common tactics KnowBe4 saw used included impersonating IT, HR and C-suite executives and instilling a sense of urgency about deadlines.
In addition to increasing attack sophistication, the report also covers how AI has democratized phishing attacks for even more people, effectively lowering the barrier to entry. Phishing-as-a-service has emerged from this trend, which automates the entire attack lifecycle without the attackers needing to understand the ins and outs of an attack.
While the report focuses more on current trends than solutions, KnowBe4 calls for a “holistic ecosystem powered by deep behavioral analytics and real-time threat intelligence,” with workers also considered a line of defense to spot and avoid phishing attacks.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
