In 2024, phishing emerged as the primary method utilized by cybercriminals to gain initial access to targeted organizations, as reported by risk advisory firm Kroll. This trend is expected to persist into 2025, posing a significant threat to organizations worldwide. In addition to phishing, attackers have increasingly turned to the use of stolen credentials and social engineering tactics to infiltrate systems and networks.
One notable social engineering tactic observed in 2024 was CEO spoofing, which used artificial intelligence to create realistic voice clones. Attackers also targeted help-desk personnel for password resets and used telephone-oriented attack delivery to lure victims into phishing attempts. These methods reflect the evolving strategies cybercriminals employ to bypass security measures and gain access to sensitive information.
A financially motivated threat actor known as EncryptHub has been highlighted as an example of the evolution of phishing techniques. This group, with ties to ransomware-as-a-service outfits RansomHub and BlackSuit, has perfected spear-phishing attacks. By calling employees and impersonating IT or help desk staff, they direct targets to phishing sites disguised as company VPN portals. They also use platforms like Microsoft Teams to send malicious links aimed at stealing M365 login credentials, resulting in successful ransomware deployments in numerous victim organizations.
The proliferation of phishing activities can be attributed in part to the availability of phishing-as-a-service platforms, as noted by Kroll’s researchers. These platforms offer tools such as Mamba 2FA and Rockstar 2FA, which target Microsoft 365 accounts to capture credentials for malicious purposes. Additionally, threat actors are now advertising AI chatbots for sale on underground forums, claiming they can enhance phishing campaigns.
One of the notable phishing campaigns of 2024 is the CorruptQR campaign, where attackers leverage Office documents with corrupt header information to evade email security solutions. This campaign relies on users to initiate the recovery process, demonstrating the creativity and persistence of cybercriminals in their efforts to bypass security measures.
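A mail-gateway style check for the corrupt-header evasion described above, as an added example that is not from Kroll or the original article. The report does not say how the header is damaged, so this assumes the leading file signature no longer matches the Office extension; the function names and verdict strings are hypothetical.

```python
import io
import zipfile

ZIP_LOCAL = b"PK\x03\x04"      # ZIP local file header signature
ZIP_EOCD = b"PK\x05\x06"       # ZIP end-of-central-directory signature
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.ppt signature
OOXML_EXT = (".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm")
OLE_EXT = (".doc", ".xls", ".ppt")


def classify_attachment(filename: str, data: bytes) -> str:
    """Return a verdict for an attachment based on extension vs. leading bytes."""
    name = filename.lower()
    if name.endswith(OLE_EXT):
        return "ok" if data.startswith(OLE2) else "header-mismatch"
    if not name.endswith(OOXML_EXT):
        return "not-office"
    if not data.startswith(ZIP_LOCAL):
        # ZIP records deeper in the file suggest a real document whose
        # leading bytes were damaged, i.e. one Office may offer to recover.
        if ZIP_LOCAL in data or ZIP_EOCD in data:
            return "header-mismatch-zip-inside"
        return "header-mismatch"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if "[Content_Types].xml" not in zf.namelist():
                return "missing-content-types"
    except zipfile.BadZipFile:
        return "unreadable-zip"
    return "ok"


def build_sample_docx() -> bytes:
    """Constructed sample: a minimal ZIP carrying the OOXML content-types part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
    return buf.getvalue()


if __name__ == "__main__":
    good = build_sample_docx()
    damaged = b"\x00\x00\x00\x00" + good[4:]   # constructed: signature overwritten
    for label, blob in (("invoice.docx", good), ("invoice2.docx", damaged)):
        print(label, classify_attachment(label, blob))
```

Any verdict other than `ok` or `not-office` is a candidate for quarantine or manual review, since the attachment does not parse as the format its extension claims.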
To mitigate the risks posed by phishing and social engineering attacks, organizations are advised to adopt a multi-pronged approach. This includes educating employees on the latest social engineering techniques, training them to identify phishing attempts, and establishing reporting mechanisms for potential threats. Employing email security tools to detect and block malicious links, implementing phishing-resistant authentication methods, and updating IT help-desk policies to prevent social engineering attacks are also crucial steps in enhancing security measures.
As the threat landscape continues to evolve, organizations must remain vigilant and proactive in defending against phishing and social engineering attacks. By staying informed, implementing robust security measures, and fostering a culture of cybersecurity awareness, businesses can effectively safeguard their assets and data from malicious actors.

