The US, UK and India experienced the highest volume of phishing attempts in 2023, with the US bearing the brunt of these attacks. Factors contributing to the high occurrence of phishing in the US include its large population of internet and technology users, extensive use of online financial transactions, and advanced digital infrastructure. The prevalence of AI-driven phishing campaigns further amplifies the vulnerability of US entities to such attacks, says the Zscaler ThreatLabz 2024 Phishing Report.

The US saw 1.13 billion phishing transactions in 2023, followed by 113 million in the UK and 79 million in India, says the report by Zscaler ThreatLabz research.

Phishing attacks use fraudulent emails, text messages, phone calls or websites to trick people into sharing sensitive data, downloading malware or otherwise exposing themselves to cybercrime.

The research, conducted from January to December 2023, examined more than 2 billion phishing transactions across the Zscaler Zero Trust Exchange, the world’s largest online security cloud. Its findings aim to equip enterprises with the knowledge needed to proactively combat the rising wave of new phishing attacks.

Microsoft remains the most imitated brand, with 43.1 per cent of phishing attempts targeting it. Microsoft’s OneDrive and SharePoint brands were also among the top five targeted, indicating a persistent trend of threat actors seeking user credentials from critical Microsoft applications, the report said.

Most phishing attacks were traced back to familiar territories: the US, the UK, and Russia. Notably, the US consistently dominated as the primary source of these malicious activities. This can be attributed to the country’s expansive and advanced digital infrastructure, which gives phishers and cybercriminals easier access to a larger pool of potential victims.

ThreatLabz recently uncovered a concerning instance of advanced persistent threats (APTs) targeting political entities—a case of cyber espionage by the threat actor SPIKEDWINE, using phishing tactics to exploit geopolitical relations between India and European diplomats.

In January 2024, ThreatLabz discovered a suspicious PDF on VirusTotal disguised as an invitation letter from the Ambassador of India (though originating from Latvia) for a government-related wine-tasting event. The PDF contained a link to a fake questionnaire, redirecting users to a malicious ZIP archive on a compromised website. This discovery revealed a new backdoor, “WINELOADER,” the report said.

Phishers abuse AI, AI fights back

Generative AI is rapidly driving the phishing threat landscape forward, enabling automation and efficiency across numerous stages of the attack chain. By rapidly analysing publicly available data, such as details about organisations or executives, GenAI saves threat actors time in reconnaissance while facilitating more precise targeted attacks. By eliminating spelling errors and grammatical mistakes, GenAI tools enhance the credibility of phishing communications.

GenAI can quickly create sophisticated phishing pages or extend its capabilities to generate malware and ransomware for secondary attacks. As GenAI tools and tactics rapidly evolve, phishing attacks will become more dynamic (and challenging to detect) by the day.

The growing popularity and use of GenAI tools like ChatGPT and Drift are already beginning to impact phishing activity and the rise of AI-driven attacks. Countries like the US and India, where these tools are highly utilised according to ThreatLabz research in the 2024 AI Security Report, are top targets for phishing scams and faced the highest number of encrypted attacks in the past year, a subset of which are phishing attacks.

AI-powered Zscaler Browser Isolation blocks zero-day threats while ensuring employees can access the right sites to do their jobs, the report said.

Deepfake campaign impersonates Tesla founder Elon Musk

In the summer of 2023, threat actors orchestrated a deepfake campaign using the likeness and reputation of entrepreneur Elon Musk. The campaign used fake ads to deceive individuals into “investing” money in a new platform called “Quantum AI.”

These ads could be found on social media platforms and in search engine results. The campaign aimed to solicit funds from victims by promising remarkably high returns, such as a staggering 91 per cent. Musk is portrayed in the main ad for “Quantum AI,” although he appears distant and out of focus. The video mimics his voice and features a typical tech-conference-style product unveiling. Additionally, a secondary ad takes the form of a fabricated Fox News web page, claiming that Musk gave an interview promoting Quantum AI, the report said.

(This writer is in Las Vegas at the company’s invitation)