Phishing grows but can be blunted

Phishing attacks are on the rise again with the help of sophisticated generative-AI tools. However, new defenses and increased wariness among potential victims are blunting phishing’s potential for widespread harm.

For the uninitiated, phishing is a foundational practice for all cybercrime. For the most part, it is a scatter-gun methodology: sending out as many emails, texts, social media posts, and even phone calls as possible to get victims to give up personal information or grant access to sensitive files. There are billions of phishing attacks going on around the world every year. According to the FBI’s latest report, losses in 2022 were more than $10 billion, and the totals go up every year.

Phishing on the rise

Huntress recently issued a comprehensive report on the state of cybercrime that showed an alarming increase in the number of attacks in 2024, using no fewer than 285 different forms of attack. Modern attack methodologies go far beyond just sending out massive amounts of email. They can also include an “urgent” voicemail or text urging the victim to immediately click on the link in an email, infiltration of existing reply chains, QR codes in place of links, and signature impersonation.

One new phishing kit is Astaroth, which was revealed in January by SlashNext, a cloud email security provider. Marketed primarily on the Telegram messaging platform, the kit sells for $2000 and includes free trials.

Astaroth intercepts and manipulates traffic between victims and legitimate authentication services like Gmail, Yahoo, and Microsoft. It captures login credentials, tokens, and session cookies in real time, effectively bypassing 2FA and rendering conventional security measures largely ineffective.

Sophisticated attacks

Thomas Richards, network and red team practice director at Black Duck, said Astaroth is very sophisticated. The most common defenses and phishing “tells” are harder to spot with this attack. The fact that the tool operates on providers that don’t cooperate with law enforcement makes it even harder to defend against.

“Recently, the US and European countries placed sanctions on countries harboring these bullet-proof hosting providers. Users should be extra cautious when receiving an email purporting to be from an organization they know and demanding an immediate action. If such an email is received, users should visit the website directly and not click the link to see if there are any alerts or problems with their account.”

“The Huntress report shows the futility of signature-based defenses and the importance of defenses able to see all likely attacks,” said Evan Powell, CEO of DeepTempo. “(There are) clear signs of attackers altering attacks and tactics at an increasing pace. Humans, their rules and pin-point focused ML models alone cannot keep up with the attackers.”

New defenses

New technologies are coming online to blunt the new attack methods before they can gain a foothold, as gangs incorporate new technology into their efforts to boost profitability. AI can tailor content to specific victims, mimic voices through deepfake technology, and automate the targeting process, making it harder to identify a phishing attempt. Powell’s company employs “collective defense via deep learning” to blunt these new methods. DeepTempo’s technology is included in the Snowflake Marketplace.

On a more practical level are two relatively new services from NetNumber, a provider of centralized signaling and routing controller (CSRC) solutions. The NetNumber Services Registry (nnSR), offered to enterprises, tracks and lists phone numbers used by criminal robocall and text organizations so telecommunications companies can block them. The registry also keeps track of victims’ numbers, alerting companies if their customers have been targeted so additional security can be applied. NetNumber also provides a service to protect users against “spoofing,” the practice of manipulating caller ID to make a call appear to come from a trusted number.

Personal awareness

However, while the number of attacks increases significantly every year, common awareness of the problem is growing just as fast. That makes a successful outcome difficult for phishing gangs. In the end, the most important defense is the critical thinking of potential victims. Every successful phishing attack shares one point of failure: the moment the victim clicks on a link. Deny the attacker that click and the attack fails.

Tripwire, an integrity management subsidiary of Fortra, suggests:

  • Avoid clicking on links in emails and texts even if you think you know who they are from. Instead, hover over them to see the actual URL. Double-check the sender’s email address for any barely noticeable misspellings or unusual characters.
  • Generic greetings like “Dear Customer” are a dead giveaway that, at the very least, your email address or phone number has been taken from a mailing list.
  • Be wary of urgent requests for sensitive information.
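As an added illustration of the three checks above (example code, not from the article or from Tripwire), the routine below runs them over one message: it compares the host shown in a link’s text with the host it actually points to, looks for non-ASCII or digit-for-letter lookalikes in the sender’s domain, and flags generic greetings and urgency wording. The trusted-domain list and the sample sender and body are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Domains the recipient legitimately deals with (assumption for this example).
TRUSTED = {"microsoft.com", "gmail.com", "yahoo.com"}
# Constructed sample message, not taken from the article.
SAMPLE_SENDER = "security@micros0ft.com"
SAMPLE_BODY = ('<p>Dear Customer, verify immediately or lose access.</p>'
               '<a href="http://login.micros0ft.com/verify">https://login.microsoft.com</a>')
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def _host(url):
    """Hostname of a URL (or a bare 'www.x' string), lower-cased."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def _lookalike(domain):
    """True if the domain's registrable part is untrusted but within one character
    of a trusted domain after undoing common digit-for-letter swaps (0->o, 1->l)."""
    reg = ".".join(domain.split(".")[-2:])
    if reg in TRUSTED:
        return False
    norm = reg.translate(str.maketrans("01", "ol"))
    return any(len(norm) == len(t) and sum(a != b for a, b in zip(norm, t)) <= 1
               for t in TRUSTED)

def screen_email(sender, html_body):
    """Apply the checks to one message; returns the list of phishing tells found."""
    findings = []
    dom = sender.rpartition("@")[2].lower()
    if any(ord(c) > 127 for c in dom):
        findings.append("sender domain contains non-ASCII characters")
    if _lookalike(dom):
        findings.append(f"sender domain {dom!r} resembles a trusted domain")
    # The 'hover' check: does the host shown in the link text match the real target?
    for href, text in ANCHOR.findall(html_body):
        text = re.sub(r"<[^>]+>", "", text).strip()
        if re.match(r"(https?://|www\.)", text) and _host(text) != _host(href):
            findings.append(f"link shows {_host(text)!r} but goes to {_host(href)!r}")
    if re.search(r"\bdear (customer|user|member)\b", html_body, re.I):
        findings.append("generic greeting")
    if re.search(r"\b(urgent(ly)?|immediately|within 24 hours)\b", html_body, re.I):
        findings.append("urgent request for action")
    return findings

if __name__ == "__main__":
    for f in screen_email(SAMPLE_SENDER, SAMPLE_BODY):
        print("-", f)
```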

On that final point, Cyber Protection Magazine has one other suggestion. Be aware of the chain of command in requests for access and information. For example, if you are not a direct report to the CEO or CFO, relay all such requests to your own manager and let them confirm the request.

A bit of thought before action makes everyone more secure.

Lou Covey

Lou Covey is the Chief Editor for Cyber Protection Magazine. In 50 years as a journalist he has covered American politics, education, religious history, women’s fashion, music, marketing technology, renewable energy, semiconductors, and avionics. He is currently focused on cybersecurity and artificial intelligence. He published a book on renewable energy policy in 2020 and is writing a second one on technology aptitude. He hosts the Crucial Tech podcast.

One thought on “Phishing grows but can be blunted”

  • Thanks Lou – anyone using Snowflake for their security data lake can try our Tempo for free. We are confident you will find the power of the first foundation model of its kind in cybersecurity – the ability to flag concerning patterns in user and system behavior. Phishing could have been the way the attacker enters your environment, or some sort of polymorphic attack, or it could be an insider or some other way in; once they are in, our job is to SEE them and help your team to understand very precisely what should be concerning.

    Easy to try for anyone considering or using Snowflake as their security data lake!
