The SlashNext State of Phishing Report 2023 has recently been released, shedding light on a disturbing trend in the cybersecurity landscape. According to the report, there has been a staggering 1265% increase in malicious phishing emails since the fourth quarter of 2022.
Compiled by SlashNext Threat Labs, the annual report provides an analysis of threats observed across various channels such as email, mobile, and browser over a period of 12 months from Q4 2022 to Q3 2023. In addition to the spike in malicious phishing emails, the report also highlights a significant 967% rise in credential phishing attacks.
Patrick Harr, CEO of SlashNext, attributes these alarming figures to the growing use of generative AI by threat actors. “We know from our research that threat actors are leveraging tools like ChatGPT to help write sophisticated, targeted Business Email Compromise (BEC) and other phishing messages,” Harr explains. “The fact that we’re seeing a corresponding increase of over 1,000% in these threats since the launch of ChatGPT is not a coincidence.”
Harr emphasizes that the purpose of sharing these statistics is not to exaggerate the threats posed by generative AI, but rather to raise awareness among their customers and the broader cybersecurity community about the true dangers at hand. By understanding these risks, organizations can better respond and implement appropriate defensive measures.
The SlashNext report also reveals some other noteworthy findings. On average, there are approximately 31,000 daily phishing attacks, with 68% of them falling under the category of text-based BEC attacks. A survey conducted as part of the research involving over 300 cybersecurity professionals shows that 46% of respondents have encountered BEC attacks.
Additionally, the survey reveals that 77% of these professionals have been targeted by phishing attempts, with 28% of those attacks delivered through text messages. Furthermore, mobile-based attacks accounted for 39% of these incidents and are commonly referred to as SMS phishing or Smishing.
In terms of protecting against these evolving threats, the report stresses the urgency for organizations to adopt comprehensive security measures. It particularly highlights the growing significance of mobile-based and multi-stage attacks. To counter the proliferation of AI-fueled cyber threats, the report suggests an increasing reliance on AI-driven solutions.
“The introduction of AI to the threat landscape is rapidly changing the game,” commented Mika Aalto, co-founder and CEO at Hoxhunt. “However, the positive news is that AI can also be utilized to defend against sophisticated attacks. We have seen that proper training continues to have a protective effect against AI-generated threats.”
The SlashNext State of Phishing Report 2023 underscores the need for organizations to remain vigilant and proactive in their cybersecurity measures. As the threat landscape evolves, it is crucial to stay informed about emerging trends and adopt advanced technologies to mitigate potential risks.