'The inbox is no longer the only front line': Report claims vast majority of phishing attacks are now generated by AI - here's how to stay safe

News
By published

AI is making phishing attacks much worse, experts warn

Phishing
(Image credit: Vektor Illustration/Shutterstock)
  • Phishing attacks aren't just in the inbox – calendar and Teams attacks are also highly common
  • AI is believed to make phishing attacks around 7x more efficient
  • Internal impersonation is a growing threat

New data has claimed 86% of all phishing attacks are now driven by artificial intelligence, meaning that for the first time in a long time, they're becoming far more sophisticated.

With an increase in scale and automation comes the power to attack across more surfaces – in the past six months, KnowBe4 says it observed a 49% rise in calendar invite attacks.

This shows email inboxes are no longer the only attack surface, with collaboration tools, calendar invites and messaging platforms equally at risk.

Article continues below

Phishing breaks out of the inbox at scale

Over the same six-month period, KnowBe4 also saw a 41% rise in Microsoft Teams attacks and a 139% rise in reverse proxy attacks targeting Microsoft 365 credentials.

The report details how cybercriminals can use AI to generate personalized and realistic phishing messages to the point that they're expected to be around 7x more efficient than manual attacks. Deepfakes spanning both audio and video are also posing a risk to security, with nearly on in three (30%) attacks involving internal impersonation, such as that of a manager.

"Social engineering is becoming more targeted, making it more difficult to discern what is legitimate versus what is malicious," Threat Intelligence SVP Jack Chapman explained.

Some of the common tactics KnowBe4 saw employed included impersonating IT, HR and C-suite execs, and instilling a sense of urgency with deadlines.

Besides increasing attack sophistication, the report also covers how AI has democratized phishing attacks to even more people, effectively lowering the barrier for entry. Phishing-as-a-service has emerged from this trend, which automates the entire attack lifecycle without the attackers needing to understand the ins and outs of an attack.

While the report focuses more on current trends than solutions, KnowBe4 does call for a "holistic ecosystem fueled by deep behavioral analytics and real-time threat intelligence" whereby workers are also considered a line of defense in spotting and avoiding phishing attacks.

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

TOPICS
Craig Hale
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.