Quishing attacks, a form of phishing that leverages QR codes, have significantly increased, climbing from a mere 0.8% in 2021 to 10.8% in 2024.
The figures come from the latest Egress report, which also suggests a notable decrease in attachment-based payloads, which halved from 72.7% to 35.7% over the same period.
According to the new data published today, impersonation attacks have remained prevalent, with 77% masquerading as well-known brands, notably DocuSign and Microsoft. Social engineering tactics have intensified, constituting 16.8% of phishing attacks, while phishing emails have grown threefold in length since 2021, possibly attributed to the utilization of generative AI.
Multi-channel attacks have capitalized on the popularity of work messaging apps, notably Microsoft Teams and Slack. Collectively, these apps account for half of the second steps in such assaults. Microsoft Teams alone saw a substantial 104.4% increase in 2024 compared to the previous quarter.
Artificial intelligence emerged as a potent tool in cybercrime, permeating various stages of attacks. The report predicts a surge in the use of deepfakes in video and audio formats, amplifying the sophistication of cyber assaults.
“The one thing that won't change in 2024 is cybercriminals investing heavily in attacks that give them the highest rewards,” commented Jack Chapman, SVP of threat intelligence at Egress.
“Some tactics will stay the same, but where returns diminish or disappear entirely, new tactics will emerge. Looking at the trends explored in the latest report, we can say with certainty that AI-powered attacks are here to stay.”
Read more on cybersecurity and AI: RSA eBook Details How AI will Transform Cybersecurity in 2024
Despite technological advancements, secure email gateways (SEGs) lag behind, with a 52.2% increase in attacks evading detection in early 2024. This underscores the need for adaptive cybersecurity measures in the face of evolving threats.
Millennials have also emerged as prime targets for cybercriminals, receiving 37.5% of phishing emails. This is particularly true within the finance, legal and healthcare sectors. Social engineering tactics, including personalized attacks timed around events like Valentine’s Day, further underscore the evolving landscape of cyber-threats.