Phishing Attacks Surge as Threat Actors Leverage New AI Tools

Written by

Phishing campaigns worldwide rose nearly 50% in 2022 compared to 2021 driven partly by phishing kits and new AI tools accessible to threat actors, according to zero trust security vendor Zscaler’s ThreatLabz Phishing Report.

A staggering 65% of phishing attacks worldwide occurred in the US (up from 60% in 2021), their year-over-year increase is slower there than in other countries, such as Canada (up 718%), the UK (up 269%), Russia (up 199%) and Japan (up 92%).

Regarding industry-type, education saw attacks increase by 576% and followed by finance and government which Zscaler said saw 273% more attacks than the previous year. Meanwhile, a previously highly targeted sector, retail and wholesale, saw phishing attacks drop by 67%.

The report, published on April 18, found that most modern phishing attacks rely on stolen credentials and outlined the growing threat from Adversary-in-the-Middle (AitM) attacks, increased use of the InterPlanetary File System (IPFS), a distributed peer-to-peer file system that allows users to store and share files on a decentralized network of computers, as well as reliance on phishing kits sourced from black markets and AI tools like ChatGPT.

“AI tools like ChatGPT and phishing kits have significantly contributed to the growth of phishing, reducing the technical barriers to entry for criminals and saving them time and resources. […] Large language models like ChatGPT, for example, have made it easier for cybercriminals to generate malicious code, Business Email Compromise (BEC) attacks, and develop polymorphic malware that makes it harder for victims to identify phishing,” the report reads.

Another Zscaler ThreatLabz finding shows that SMS phishing (smishing) is now evolving to more voicemail-related phishing (vishing), luring more victims into opening malicious attachments.

Finally, the report saw increased recruitment scams on LinkedIn and other job recruiting sites.

“Unfortunately, in 2022, many big businesses in Silicon Valley made the tough decision to downsize. As a result, cybercriminals leveraged fake job postings, sites, portals, and forms to attract job seekers. Victims would often undergo an entire interview process, with some even being asked to purchase supplies to be reimbursed later.”

Deepen Desai, Zscaler’s global CISO and head of security, warned in a public statement that, while the rise in phishing campaigns is not new, its sophistication is unprecedented.

“Year-over-year, we continue to see an increase in the number of phishing attacks which are becoming more sophisticated in nature. Threat actors are leveraging phishing kits and AI tools to launch highly effective email, smishing, and vishing campaigns at scale. AitM attacks supported by growth in phishing-as-a-service have allowed attackers to bypass traditional security models, including multi-factor authentication,” he said.

Findings from the ThreatLabz Phishing Report are based on a year’s worth of global data from the Zscaler security cloud, which monitors over 280 billion transactions daily across the globe, from January 2022 through December 2022.

What’s hot on Infosecurity Magazine?