Blog March 7, 2025

Why Organisations Still Fall Victim to Phishing and How to Avoid It

Phishing remains a significant threat to organisations, despite advancements in cybersecurity.

The tactics used in phishing attacks have evolved significantly. Attackers now use advanced techniques like spear phishing, targeting specific individuals or roles within an organisation, and clone phishing, which duplicates legitimate messages but includes malicious links.

Evolving Landscape

Threats such as the WarmCookie backdoor have added a new dimension to these attacks. WarmCookie leverages phishing campaigns to deliver malicious payloads that can remain undetected for extended periods, providing attackers with persistent access to compromised systems.

In 2024, cybercriminals increasingly employed artificial intelligence to craft sophisticated phishing emails that mimic communications from corporate partners, vendors, or staff line managers. These AI-generated messages are highly convincing, leading to significant financial losses – now up to $2.9 billion annually. Smaller businesses are particularly vulnerable due to limited cybersecurity resources.

There’s yet another growing attack format: quishing (QR code phishing). In late 2024, there was a marked increase in phishing attacks using QR codes, termed “quishing.” Attackers embed malicious QR codes in PDFs attached to emails which, when scanned, direct victims to fraudulent websites designed to steal financial information. This method often bypasses traditional security filters, which detect malicious links but not images. Financial institutions and regulators have raised alarms about this trend, emphasising the need for heightened vigilance when interacting with QR codes.

This year, we’ve seen another cunning phishing attack style emerge. Cybercriminals are now leveraging Microsoft Teams to launch sophisticated phishing attacks, targeting employees by impersonating IT support staff. This new tactic involves ransomware gangs infiltrating corporate Microsoft Teams environments, posing as internal IT professionals, and engaging employees in real-time chats. During these interactions, the attackers attempt to trick users into granting access or downloading malicious files that facilitate ransomware deployment.

The strategy capitalises on the trust employees place in internal communications and the increasing reliance on collaboration tools like Teams. Victims are often presented with seemingly urgent IT-related issues requiring immediate attention, such as updating software or troubleshooting access problems. This sense of urgency is designed to lower their guard, leading to a higher success rate for attackers.

Meanwhile, Phishing-as-a-Service (PhaaS) platforms have amplified the threat landscape by offering ready-to-use phishing kits and infrastructure to attackers with minimal technical expertise. These platforms democratise cybercrime, enabling even amateur criminals to launch advanced phishing campaigns. As a result, the volume and complexity of phishing attacks have increased exponentially, targeting industries such as finance, healthcare, and supply chain management.

AI-powered deepfake technology is another rising threat. Cybercriminals are now deploying AI-generated audio and video to impersonate senior executives, tricking employees into authorising financial transactions or sharing sensitive data. These “deepfake phishing” attacks combine visual and auditory deception with traditional phishing methods, making them particularly difficult to identify and counteract.

Finally, vishing (voice phishing) rose dramatically in 2024, by nearly 500%. Vishing is effective because it exploits human vulnerability rather than software flaws, making detection difficult until the later stages of an attack. This delay benefits threat actors and places responsibility on users to identify and respond to suspicious activity.

How to Avoid Phishing Attacks

Organisations can protect themselves from phishing through a combination of technological measures, employee training, and fostering a vigilant culture.

Firstly, deploy intrusion detection systems (IDS) and security information and event management (SIEM) solutions, and monitor network traffic for suspicious activity and indicators of compromise (IoCs). Continuous employee training is vital in mitigating human error. Run regular phishing simulations and deliver training in recognising the latest phishing tactics. Employees should be trained to verify suspicious emails, check the authenticity of URLs, and avoid downloading attachments from unknown sources.

Utilising advanced security tools such as AI-driven threat detection can help identify and neutralise phishing attacks before they reach employees’ inboxes. Solutions like Secure Email Gateways and Anti-Phishing software can filter out malicious emails, reducing the chances of a successful attack. Encouraging a culture where employees feel empowered to report suspicious emails or messages without fear of judgment is also crucial.

Perhaps the most crucial mitigating action is to implement a phishing-resistant multi-factor authentication (MFA) solution across the estate.

Phishing-resistant MFA is an authentication method designed to prevent attackers from stealing credentials through phishing attacks. Unlike traditional MFA methods (such as SMS codes or OTPs), which can be intercepted or tricked out of users, phishing-resistant MFA ensures authentication cannot be easily bypassed.
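The difference between the two kinds of MFA comes down to what the server can check. The toy model below is an added illustration, not code from the original post or from any vendor: an OTP is just a string, so the server cannot tell whether the user typed it on the real login page or on a lookalike, whereas a WebAuthn-style assertion carries the origin the browser was actually connected to, and the relying party rejects anything signed for the wrong origin. The origins, the OTP value and the use of HMAC with a key shared between the toy authenticator and the relying party (standing in for the authenticator's private-key signature) are all assumptions made for the example.

```python
"""Toy model of why OTP-style MFA can be relayed but origin-bound MFA cannot.

Added illustration, not code from the original post. HMAC with a key shared
between the toy authenticator and the relying party stands in for the
authenticator's asymmetric signature; origins, challenge and OTP are constructed.
"""
import hashlib
import hmac
import json
import secrets

LEGITIMATE_ORIGIN = "https://login.example.com"   # constructed: the real login site
LOOKALIKE_ORIGIN = "https://login-example.com"    # constructed: a lookalike domain

# Stand-in for the per-site key pair registered at enrolment (assumption).
_AUTHENTICATOR_KEY = secrets.token_bytes(32)


# --- traditional OTP: the code is just a string the user can type anywhere ---
def otp_verify(submitted_code: str, expected_code: str) -> bool:
    """The server only sees the digits; it cannot tell which page they were typed on."""
    return hmac.compare_digest(submitted_code, expected_code)


# --- origin-bound MFA (WebAuthn-style): the browser, not the user, reports the origin ---
def authenticator_sign(challenge: bytes, browser_origin: str) -> dict:
    """The browser fills in the origin it is actually connected to; the user cannot edit it."""
    client_data = json.dumps(
        {"challenge": challenge.hex(), "origin": browser_origin}, sort_keys=True
    ).encode()
    signature = hmac.new(_AUTHENTICATOR_KEY, client_data, hashlib.sha256).digest()
    return {"client_data": client_data, "signature": signature}


def relying_party_verify(assertion: dict, expected_challenge: bytes) -> bool:
    """Accept only if the signed origin is ours, the challenge is the one we issued,
    and the signature verifies."""
    client_data = json.loads(assertion["client_data"])
    if client_data["origin"] != LEGITIMATE_ORIGIN:
        return False  # signed while talking to another site: relayed, so reject
    if client_data["challenge"] != expected_challenge.hex():
        return False  # stale or foreign challenge
    expected_sig = hmac.new(
        _AUTHENTICATOR_KEY, assertion["client_data"], hashlib.sha256
    ).digest()
    return hmac.compare_digest(expected_sig, assertion["signature"])


def login_outcomes() -> dict:
    """Compare both factors when the user is on the real site vs. a lookalike."""
    challenge = secrets.token_bytes(16)
    code = "482913"  # constructed OTP the user received by SMS
    return {
        # The same six digits are accepted no matter which page collected them.
        "otp_on_real_site": otp_verify(code, code),
        "otp_relayed_from_lookalike": otp_verify(code, code),
        # The assertion is only accepted when the browser was on the real origin.
        "webauthn_on_real_site": relying_party_verify(
            authenticator_sign(challenge, LEGITIMATE_ORIGIN), challenge
        ),
        "webauthn_from_lookalike": relying_party_verify(
            authenticator_sign(challenge, LOOKALIKE_ORIGIN), challenge
        ),
    }


if __name__ == "__main__":
    for name, ok in login_outcomes().items():
        print(f"{name:28s} -> {'accepted' if ok else 'rejected'}")
```

In real WebAuthn the credential is additionally scoped to the relying party ID, so a lookalike site could not even invoke the right key; the model above collapses that into the origin check, which is the property that makes the factor phishing-resistant.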

Regularly updating security patches ensures that known vulnerabilities in software or operating systems are resolved promptly, reducing the likelihood of exploitation. Additionally, monitoring for unusual activity, such as logins from unexpected locations or devices, coupled with endpoint protection tools, can swiftly identify and neutralise threats before they escalate, safeguarding critical systems.
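The SIEM monitoring recommended earlier and the unusual-activity monitoring described in this paragraph both reduce to running detection logic over authentication events. The following is an added example, not code from the original post or from any product: it parses a handful of constructed login log lines and flags logins from a country or device not in the user's baseline, and two successful logins from different countries closer together than a travel window. The log format, the static per-user baseline and the two-hour window are assumptions.

```python
"""Flag unusual logins over constructed authentication log lines.

Added example; the log line format, the per-user baseline and the travel
window are assumptions, not a real SIEM's schema.
"""
from datetime import datetime, timedelta

# Constructed sample events (key=value pairs after an ISO-8601 timestamp).
SAMPLE_LOG = """\
2025-03-07T08:02:11Z user=alice result=success country=GB device=LAPTOP-A1 ip=203.0.113.10
2025-03-07T08:40:53Z user=alice result=success country=GB device=LAPTOP-A1 ip=203.0.113.10
2025-03-07T09:05:30Z user=alice result=success country=RO device=UNKNOWN-7F ip=198.51.100.77
2025-03-07T09:07:02Z user=bob result=failure country=GB device=LAPTOP-B2 ip=203.0.113.22
2025-03-07T09:07:45Z user=bob result=success country=GB device=LAPTOP-B2 ip=203.0.113.22
2025-03-07T10:15:00Z user=bob result=success country=GB device=PHONE-B9 ip=203.0.113.23
"""

# Assumed baseline of where and from what each user normally signs in.
BASELINE = {
    "alice": {"countries": {"GB"}, "devices": {"LAPTOP-A1"}},
    "bob": {"countries": {"GB"}, "devices": {"LAPTOP-B2", "PHONE-B9"}},
}
TRAVEL_WINDOW = timedelta(hours=2)  # two countries inside this window is suspicious


def parse_line(line: str) -> dict:
    """Turn '2025-...Z user=x result=y ...' into a dict with a datetime under 'ts'."""
    ts, *pairs = line.split()
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for pair in pairs:
        key, value = pair.split("=", 1)
        event[key] = value
    return event


def detect(log_text: str) -> list:
    """Return (user, rule, detail) tuples for every successful login that looks off."""
    alerts = []
    last_success = {}  # user -> (timestamp, country) of the previous successful login
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev["result"] != "success":
            continue  # failures belong to a separate brute-force/fatigue counter
        user = ev["user"]
        base = BASELINE.get(user, {"countries": set(), "devices": set()})
        if ev["country"] not in base["countries"]:
            alerts.append((user, "new_country", ev["country"]))
        if ev["device"] not in base["devices"]:
            alerts.append((user, "new_device", ev["device"]))
        prev = last_success.get(user)
        if prev and prev[1] != ev["country"] and ev["ts"] - prev[0] < TRAVEL_WINDOW:
            alerts.append((user, "impossible_travel", f"{prev[1]}->{ev['country']}"))
        last_success[user] = (ev["ts"], ev["country"])
    return alerts


if __name__ == "__main__":
    for user, rule, detail in detect(SAMPLE_LOG):
        print(f"ALERT {rule:18s} user={user} {detail}")
```

On the sample above only alice's third login fires: it is from a new country, on an unseen device, and 25 minutes after a login from the UK. In a real deployment the baseline would be learned from historical successes rather than hard-coded, and the alerts would feed the SIEM so that a single phished credential is caught at first use rather than after the attacker has established persistence.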

Organisations should also establish strong password policies and enforce regular password updates. Weak or reused passwords remain a major vulnerability that attackers exploit during phishing campaigns. Integrating password management software can help employees create and store complex passwords securely.

Get an IRP

Creating and routinely testing an Incident Response Plan (IRP) ensures swift action in the event of a successful phishing attack. An effective IRP should include steps for containment, investigation and communication, as well as post-incident reviews to strengthen defences. Simulating phishing scenarios as part of these tests ensures your IRP remains relevant and effective.

Partnering with Managed Detection and Response (MDR) providers like Obrela can offer real-time monitoring, advanced analytics, and rapid threat containment. Obrela’s MDR services leverage Behavioural Threat Analytics (BTA) to identify anomalies in user behaviour, such as unusual login patterns or unauthorised access attempts, allowing organisations to respond to phishing threats proactively.

Fostering a cybersecurity-conscious culture across all departments is essential. IT teams, HR, and legal departments must work together to align policies with regulations like GDPR and educate employees on their critical role in preventing phishing. This collaborative approach reduces vulnerabilities and ensures that cybersecurity is a shared responsibility.

While phishing remains one of the most common and pernicious forms of cyberattack, by adopting a multi-layered approach, combining human vigilance with advanced technology, organisations can significantly reduce the risk of phishing attacks and protect their critical assets.