In Q2 of 2024, email phishing attacks surged by 28% compared to Q1, highlighting an alarming trend in the threat landscape. Cybercriminals increasingly deploy sophisticated techniques, including bypassing security controls through familiar, compromised accounts and QR code-based attacks. A recent report from Egress sheds light on the evolution of these tactics, with attackers moving beyond simple phishing attempts to multichannel, coordinated efforts across platforms like MS Teams and WhatsApp.
Bypassing Authentication with Familiar Accounts
One of the most effective methods observed in 2024 was the use of compromised email accounts within an organization or its supply chain. This allowed attackers to bypass authentication protocols, making their phishing attempts appear legitimate to the target. Between April and June 2024, 44% of phishing attacks originated from internally compromised accounts, while 8% came from accounts within the supply chain, a tactic designed to take advantage of trusted relationships within an organization.
New Payload Delivery Techniques
A growing trend in phishing campaigns is the use of QR codes as payloads. These make up 12% of phishing emails, offering attackers a clever way to bypass traditional security tools. Unlike hyperlinks, which are more commonly detected, QR codes provide an indirect pathway to malware or credential-stealing sites. In Q2 2024, hyperlinks remained the most common payload at 45%, with attachments accounting for 23%.
The objective of these phishing payloads is to steal credentials, a high-value commodity in the cybercriminal marketplace. Stolen credentials can enable further attacks and are regularly traded in cybercriminal forums, making them a critical target for phishing campaigns.
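The payload breakdown above suggests a triage step: sort each inbound message by payload class and send image-only messages to a QR decoder, because a link scanner finds no URL in them. The sketch below is an added example, not code from the Egress report or this article; it uses only the Python standard library, the sample message, addresses and headers are constructed, and the QR decoding itself is left out.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def classify_payload(raw):
    """Sort one raw message into the payload classes named above."""
    msg = message_from_string(raw, policy=policy.default)
    urls, images, attachments = [], [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if ctype.startswith("image/"):
            # Inline or attached images may carry a QR code.
            images.append(part.get_filename() or ctype)
        elif part.get_content_disposition() == "attachment":
            attachments.append(part.get_filename() or ctype)
        elif ctype in ("text/plain", "text/html"):
            urls.extend(URL_RE.findall(part.get_content()))
    auth = str(msg.get("Authentication-Results", ""))
    return {
        "urls": urls,
        "attachments": attachments,
        "images": images,
        # Sender checks passing says nothing about a compromised mailbox.
        "dmarc_pass": "dmarc=pass" in auth,
        # No URL in the text but an image present: a link scanner sees
        # nothing, so the image must go to a QR decoder.
        "needs_qr_decode": bool(images) and not urls,
    }

def build_sample(html, image=None):
    """Constructed test message; all addresses and headers are made up."""
    m = EmailMessage()
    m["From"] = "it-helpdesk@example.com"
    m["To"] = "new.starter@example.com"
    m["Subject"] = "Action required"
    m["Authentication-Results"] = "mx.example.com; spf=pass; dkim=pass; dmarc=pass"
    m.set_content(html, subtype="html")
    if image is not None:
        m.add_related(image, maintype="image", subtype="png", cid="<qr1>")
    return m.as_string()

if __name__ == "__main__":
    qr_mail = build_sample("<p>Scan the code to keep your mailbox active.</p>", b"constructed-png-bytes")
    print(classify_payload(qr_mail))
```

The constructed message passes SPF, DKIM and DMARC, as mail sent from a compromised internal account would, yet it is still flagged for QR decoding.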
Impersonation: The Core of Phishing Attacks
Nearly 90% of phishing emails between January and August 2024 involved some form of impersonation, targeting individuals with messages that appeared to come from a trusted brand, department, or individual. Attackers impersonated phone or video conferencing providers such as Zoom, as well as shipping services like UPS. Another favored tactic was to masquerade as HR, IT, or finance departments within the victim’s organization, leveraging these departments’ roles in daily operations.
A concerning trend is the targeting of new employees, particularly those in their first few weeks on the job. Attackers leverage LinkedIn bots to identify new starters and craft phishing emails that impersonate senior executives, making the email appear urgent and legitimate. This tactic has been particularly effective, as newer employees are often more eager to comply with requests from higher-ups.
Commodity Attacks Flooding Organizations
Commodity phishing campaigns, which involve mass-produced emails sent to a broad range of targets, are becoming increasingly common. These campaigns can overwhelm organizations, with a reported 2700% increase in phishing emails during these attacks. While many of these emails are relatively easy to detect, they serve as a form of “white noise,” masking more sophisticated attacks that may slip through defenses.
December 2023 saw the peak of these commodity attacks, and experts predict a similar spike in December 2024. The holiday season, with its flood of legitimate brand emails, provides a prime opportunity for cybercriminals to launch phishing campaigns.
Multichannel Attacks: Expanding the Battlefield
Advanced persistent threat (APT) groups are employing more sophisticated tactics, moving beyond email as their sole vector. APT groups now use multichannel attacks that leverage various communication platforms, including MS Teams and WhatsApp, to increase their chances of success. By moving across devices and platforms, these attackers make it harder for defenders to trace audit trails and disrupt their activities. This tactic also takes advantage of users’ lack of awareness about the risks of clicking links in messaging apps.
Phishing-as-a-Service: Lowering the Barrier to Entry
The dark web has seen a rise in phishing-as-a-service (PhaaS) offerings, enabling less-skilled attackers to execute sophisticated attacks. These toolkits provide AI-powered capabilities, including deepfakes, to enhance the credibility of phishing campaigns. In some cases, vendors of these toolkits even offer guarantees that their attacks will bypass security measures such as Microsoft’s defenses.
Many PhaaS providers also offer 24/7 customer support, allowing cybercriminals to receive real-time assistance during attacks. This professionalization of phishing attacks is a troubling development, making it easier for a wider range of attackers to launch effective campaigns.
Mitigating the Phishing Threat
As phishing techniques become more advanced, organizations must adopt more robust defenses. Employee training is critical, particularly when it comes to recognizing phishing attempts across various platforms and devices. Security teams must also ensure that multi-factor authentication (MFA) and other layered security measures are in place to prevent account compromises.
In response to the growing use of QR codes and multichannel attacks, cybersecurity solutions must evolve to monitor communication channels beyond email. Furthermore, leveraging AI-powered threat detection and behavioral analytics can help organizations detect anomalies in user activity and flag potential phishing attempts before they escalate.
A Complex and Evolving Threat
Phishing attacks are no longer confined to simplistic email schemes. The evolving tactics, including the use of QR codes, impersonation, and multichannel strategies, present a growing challenge for organizations. As cybercriminals continue to adapt, defenders must stay ahead with a proactive approach, leveraging advanced technologies and fostering a security-conscious culture within their organizations.
By Vladimir Rene, Certify Cybersecurity Expert