Fueled by AI-generated attacks, the Mid-Year Assessment revealed a 341% increase in malicious phishing link, BEC, QR Code and attachment-based email and multi-channel messaging threats in the last six months alone. This was on top of a staggering 856% increase in malicious email and messaging threats over the prior 12 months. And, since the launch of ChatGPT in November 2022, there has been a 4,151% increase in malicious phishing messages sent.

“Humans have been, and will continue to be, the weakest point in any organization’s security,” said Patrick Harr, CEO, SlashNext. “There is a reason threat actors continue to iterate on tactics like phishing that have been around for decades – they are highly effective. According to Verizon’s 2024 Data Breach Investigations Report, humans are increasingly falling for phishing attacks and it now takes a median time of only 21 seconds for a user to click on a malicious link, and only another 28 seconds to then enter their personal data. We know from our research these attacks are getting a boost from generative AI tools that are readily available. Threat actors are using gen AI to customize messages for their victims, write more convincing messages, and dramatically accelerate the speed and volume of these attacks with little to no added cost.”

In looking at specific threat types, SlashNext Threat Labs found a 217% increase in credential harvesting phishing attacks and a 29% increase in BEC attacks in the last six months. Losses due to BEC attacks exceeded $2.9B in 2023, at an average cost of $137,000 per BEC incident, according to the recent FBI IC3 Report. In addition, mobile phones have emerged as the most utilized and vulnerable communications channel, with 45% of all mobile threats now being reported as SMS smishing attacks.

CAPTCHA-based attacks, particularly using CloudFlare, are also on the rise and they are being used to mask credential harvesting forms. Attackers are generating thousands of domains and implementing CloudFlare’s CAPTCHAs to hide credential phishing forms from security protocols that are unable to bypass theCAPTCHAs.

“Leveraging legitimate services like Microsoft Sharepoint, AWS, and Salesforce to hide phishing and malware is another favorite tactic employed by threat actors because it preys on users’ trust in these tools,” continued Harr. “In addition to CAPTCHA-based attacks, QR code-based attacks are growing in popularity and now comprise 11% of all malicious emails – often embedded in legitimate infrastructures. The onus should not be on users to identify and avoid sophisticated attacks, especially when the research proves that relying on training and traditional cybersecurity tools is ineffective against modern attack tactics. It’s time to fight AI with AI and implement AI-powered email and messaging security tools that keep malicious messages out of users’ inboxes altogether.”

To counter the growing sophistication of these cyberattacks, the SlashNext advanced gen AI security platform is specifically engineered to identify, anticipate and block complex BEC threats, phishing, and ransomware. Utilizing generative AI, natural language parallel prediction, computer vision, relationship graphs, and contextual analysis, the platform achieves an industry-leading detection rate of 99.99%.

Download the full 2024 Mid-Year Assessment to The State of Phishing report.

Related News:

Spam and Graymail Detection Established by SlashNext Powered by GenAI

15 Security Predictions for 2024

The post Mid-Year Assessment on The State of Phishing Report Released appeared first on Digital IT News.

Since the launch of ChatGPT, the SlashNext Threat Labs team has observed a 1,265% increase in malicious phishing emails. The FBI warns in its recent IC3 report that losses due to BEC in 2023 exceeded $2.9B, with an average cost of $137K per BEC incident. The availability of generative AI platforms like ChatGPT is enabling cybercriminals to launch sophisticated email-based attacks quickly and in greater volume than ever before. As a byproduct, spam and graymail volumes have increased as well, which amplifies the burden placed on SOC teams who are left to manage the influx in emails reported by users for investigation.

“SlashNext was the first to fight generative AI attacks with generative AI protection,” said Patrick Harr, CEO of SlashNext. “In 2023, we launched the industry’s first generative AI solution for Business Email Compromise (BEC) to thwart advanced supply chain, executive impersonation, financial fraud, and other socially engineered attacks. Now, we are extending this same generative AI capability to detect and block unsolicited spam and graymail, further reducing risk and enhancing the productivity of both individual users and SOC teams.”

SlashNext GenAI for Spam and Graymail improves user productivity by keeping their inboxes clean and free of spam and unsolicited emails that they otherwise would likely report to their SOC teams for investigation. This in turn reduces the burden on SOC teams who now receive fewer alerts and investigation requests. With an intuitive executive dashboard and executive summary report, CISOs can easily demonstrate the value of SlashNext GenAI for Spam and Graymail. The dashboard and reporting capabilities provide clear insights into the value delivered by showcasing metrics such as “User Productivity Hours Saved” and “SOC Analysts Time Saved.”

Unlike other email security solutions that use primary signatures and policies, SlashNext GenAI for Spam and Graymail is based on a proprietary generative AI LLM. Because of this approach, it also seamlessly integrates with Microsoft and augments Microsoft Defender for Office 365. This pairing provides customers with the strongest “better together” defense in depth strategy available.

SlashNext GenAI for Spam and Graymail is available now. Learn more about SlashNext’s patented generative AI security technology for spam and graymail detection here.

Related News:

15 Security Predictions for 2024

OAuth Implementations Security Flaws Remedied with Salt Security

The post Spam and Graymail Detection Established by SlashNext Powered by GenAI appeared first on Digital IT News.