Zscaler report warns of AI’s growing role in sophisticated phishing attacks – Business
A new report released today by cloud security company Zscaler Inc. is warning of the rapid evolution and increasing sophistication of phishing attacks, particularly with the integration of artificial intelligence enabling highly convincing and targeted attacks.
The Zscaler ThreatLabz 2024 Phishing Report does a deep dive into the world of phishing, including the latest tactics used and how to stay ahead of the threat. AI is a common theme in the report, which notes that the technology represents a “paradigm shift” in the realm of cybercrime, particularly for phishing scams.
With generative AI now freely and frequently available, cybercriminals have been using it to rapidly construct highly convincing phishing campaigns that surpass previous benchmarks of complexity and effectiveness. Using AI algorithms, threat actors can swiftly analyze vast datasets to tailor their attacks and easily replicate legitimate communications and websites with alarming precision.
The level of sophistication provided by AI is claimed to allow phishers to deceive even the most aware users. The report warns that AI’s role in reshaping the cyberthreat landscape appears boundless as it continues to redefine what is possible in the world of cyberattacks.
Along with assisting in creating believable messages, AI was also found to be increasingly being used in vishing attacks, with criminals deploying deepfake technology to create realistic audio and video content. A vishing attack is a form of phishing that uses voice communication to trick individuals into revealing sensitive information by impersonating legitimate entities or authorities; with AI and deepfakes, attackers can now impersonate actual people in a given company.
On the tech side, attackers were also found to be increasingly using AI to automate phishing attacks. The use of AI is said to complicate detection and response efforts, making them increasingly difficult to detect and respond to.
Other findings in the report include Zscaler detecting a 58.2% increase in global phishing attempts in 2023. Along with an increase in vishing, other growing methods used included recruitment scams and browser-in-the-browser attacks.
The country most targeted by phishing attacks last year was the U.S., followed by the U.K., India, Canada, and Germany. The finance industry was the most targeted industry, accounting for 27.8% of all phishing attacks and also experiencing a 393% year-over-year rise. Manufacturing was in second place at 21%.
Microsoft Corp. was found to be the most imitated brand, with 43.1% of all phishing attempts targeting it. Microsoft’s OneDrive and SharePoint brands were also among the top five targets.
The report concludes by providing advice on how companies and users can combat phishing. Recommendations include regular employee training on recognizing phishing attempts, the use of call-blocking and filtering tools to prevent suspicious calls and the implementation of multifactor authentication to add a layer of security.
Deepen Desai, chief security officer of Zscaler, recently spoke with theCUBE, SiliconANGLE Media Inc.’s livestreaming studio, about the dangers AI can present in the enterprise: