London, UK – 3rd October 2024 – Leading cybersecurity company Egress, a KnowBe4 company, has today launched its latest Phishing Threat Trends Report (October 2024), which examines the most recent phishing statistics and threat intelligence insights. The report explores how cybercriminals commercialise their activities through phishing toolkits, the tactics employed during large-scale commodity attacks, the multi-step process of advanced persistent threat campaigns, and the methods of impersonating brands and individuals.
Key stats from the Phishing Threat Trends Report (October 2024)
- 28% increase in phishing emails sent between April 1st – June 30th vs January 1st – March 31st, 2024.
- 82% of phishing toolkits mentioned deepfakes and 74.8% referenced AI.
- During a commodity attack, on average organisations experience a 2,700% increase in phishing attacks compared to the normal baseline.
- 72.3% of commodity attacks used a hyperlink as their payload, followed by QR codes at 14.0%.
- 89% of phishing emails involve impersonation; Adobe was the most impersonated brand, followed by Microsoft.
- 9% of impersonation emails were classed as ‘payloadless’, relying solely on social engineering tactics.
- 44% of phishing emails were sent from compromised accounts, helping them bypass authentication protocols.
Key themes:
Phishing emails surge in Q2, as compromised accounts and hyperlinks dominate
The report reveals a 28% increase in phishing emails sent between April 1st – June 30th vs January 1st – March 31st, 2024, with June seeing the highest volume of phishing emails. 44% of attacks were sent from compromised accounts to help them bypass authentication protocols, with 8% originating from an account within an organisation's supply chain. The most prevalent payloads in these emails were hyperlinks, found in 45% of cases, followed by attachments, which appeared in 23% of the phishing emails.
Commodity attacks overwhelm cybersecurity admins
Commodity attacks—mass-produced, malicious campaigns that typically mimic spam by impersonating brands on a large scale—are rising in popularity, peaking at 13.6% of all phishing emails detected by Egress Defend in December 2023.
During a commodity campaign, organisations experience a staggering 2,700% increase in phishing attacks compared to their normal baseline. These attacks are primarily image-based, with 51.1% featuring a single graphic; often include hyperlinks (72.3%); and are highly polymorphic, randomising elements like links and display names. This flood of unsophisticated threats creates white noise, potentially masking more sophisticated and targeted phishing attempts, making detection even harder for cybersecurity admins.
Impersonation tactics continue to prevail
The Phishing Threat Trends Report reveals that 89% of phishing emails involve impersonation, with Adobe ranking as the most impersonated brand and DHL as the most impersonated mail carrier.
Between January 1st and August 31st, 2024, 26% of phishing emails impersonated brands unconnected to the recipient through an established business relationship. Among these, 9.7% impersonated phone or video conferencing providers (such as Zoom) and 5.3% impersonated mail carriers (such as UPS or DPD), frequently using ‘missed voicemail’ or ‘missed delivery’ campaigns. The next most common impersonation attacks involved posing as the recipient's company, accounting for 16.0% of incidents, with HR being the most frequently impersonated department.
New employees with a tenure of two to seven weeks were the most targeted individuals for phishing emails impersonating VIPs, typically as part of CEO fraud attacks. Outside of employer-related attacks, Jeff Bezos and Elon Musk were among the most impersonated celebrities.
Jack Chapman, SVP of Threat Intelligence at Egress, a KnowBe4 company, comments:
“The fourth edition of the Egress Phishing Threat Trends report offers eye-opening insights into the shifting landscape of phishing threats in 2024, revealing alarming trends based on data from Egress Defend and exclusive intelligence from the Egress Threat Intelligence team. One of the most troubling findings is the rapid commoditisation of AI in phishing toolkits, which is putting advanced threats into the hands of less sophisticated cybercriminals. Organisations must respond by adopting advanced AI defenses that effectively counter these evolving threats, while ensuring they aren’t introducing new vulnerabilities by using AI for AI’s sake.”
“As the old saying goes, 'the only constant is change,' and this is especially true in cybersecurity. As cybercriminals pivot away from one tactic that is no longer reaping the same rewards, a new one pops up to take its place. However, the report highlights one enduring reality: modern phishing threats are increasingly driven by impersonation tactics, which have become the backbone of many advanced and targeted attacks against organisations.”
“The Phishing Threat Trends report is a must-read for all cybersecurity teams who want to stay ahead of emerging threats. It provides crucial insights and actionable strategies that are essential for outpacing evolving risks and securing your organisation.”
To read Egress’ Phishing Threat Trends Report, including all its analysis and findings, please visit our website.
About Egress, a KnowBe4 Company
As advanced persistent threats continue to evolve, we recognise that people are the biggest risk to organisations’ security and are most vulnerable when using email.
Egress, a KnowBe4 company, is the only cloud email security provider to continuously assess human risk and dynamically adapt policy controls, preparing customers to defend against advanced phishing attacks and outbound data breaches before they happen. Leveraging contextual machine learning and neural networks, with seamless integration using cloud-native API architecture, Egress provides enhanced email protection, deep visibility into human risk, and instant time to value.