New report reveals a rise in phishing attacks, as commodity campaigns, advanced persistent threats, and impersonation attacks escalate



London, UK – 3rd October 2024 - Leading cybersecurity company, Egress, a KnowBe4 company, today has launched its latest Phishing Threat Trends Report (October 2024), which examines the most recent phishing statistics and threat intelligence insights. The report explores how cybercriminals commercialise their activities through phishing toolkits, the tactics employed during large-scale commodity attacks, the multi-step process of advanced persistent threat campaigns, and the methods of impersonating brands and individuals. 

Key stats from the Phishing Threat Trends Report (October 2024) 

  • 28% increase in phishing emails sent between April 1st – June 30th vs January 1st – March 31st, 2024 
  • 82% of phishing toolkits mentioned deepfakes and 74.8% referenced AI 
  • During a commodity attack, on average organisations experience a 2,700% increase in phishing attacks compared to the normal baseline 
  • 72.3% of commodity attacks used a hyperlink as its payload, followed by QR codes at 14.0%  
  • 52.5% of advanced persistent threat (APT) campaigns were classified as zero-day attacks, while only 35.4% contained a previously identified payload 
  • 89% of phishing emails involve impersonation; Adobe was the most impersonated brand, followed by Microsoft 
  • 14.9% of impersonation emails were classed as ‘payloadless’, relying solely on social engineering tactics 
  • 44% of phishing emails were sent from compromised accounts, helping them bypass authentication protocols 

Key themes:  

Phishing emails surge in Q2, as compromised accounts and hyperlinks dominate 

The report reveals a 28% increase in phishing emails sent between April 1st – June 30th vs January 1st – March 31st, 2024, with June seeing the highest volume of phishing emails. 44% of attacks were sent from compromised accounts to help them bypass authentication protocols, with 8% originating from an account within an organisation's supply chain. The most prevalent payloads in these emails were hyperlinks, found in 45% of cases, followed by attachments, which appeared in 23% of the phishing emails. 

Phishing toolkits open the door for less-skilled threat actors  

The Egress Threat Intelligence team has analysed the types of phishing toolkits available on the dark web, with many using subscription-based models where ‘customers’ can benefit from enhancements and refresh their attacks at pace with payload blocklists. 

These sophisticated toolkits employ various techniques and tactics, from templated attacks to polymorphic payloads, and often include quality assurance and customer service features. Notably, 46% of the analysed toolkits offer money-back and deliverability guarantees that attacks will bypass Microsoft 365’s native security and secure email gateways (SEGs), with most providing 24/7 support through platforms like Gpg4win, Telegram, Signal, and WhatsApp. 

Commodity attacks overwhelm cybersecurity admins  

Commodity attacks—mass-produced, malicious campaigns that typically mimic spam by impersonating brands on a large scale—are rising in popularity, peaking at 13.6% of all phishing emails detected by Egress Defend in December 2023.  

During a commodity campaign, organisations experience a staggering 2,700% increase in phishing attacks compared to their normal baseline. These attacks are primarily image-based, with 51.1% featuring a single graphic; often include hyperlinks (72.3%); and are highly polymorphic, randomising elements like links and display names. This flood of unsophisticated threats creates white noise, potentially masking more sophisticated and targeted phishing attempts, making detection even harder for cybersecurity admins. 

Key practices used in advanced persistent threats (APTs) 

The new report details the critical steps in advanced persistent threats (APTs), where cybercriminals—often state-sponsored or part of large criminal organisations—conduct highly targeted and sophisticated campaigns against specific organisations. These attacks target outcomes such as data exfiltration, extortion, or espionage, leveraging resources for extensive, multi-stage operations using various tactics over long periods.  

Most APTs focus on a single target, using zero-day payloads as well as advanced technical and social engineering tactics to breach that organisation and achieve their desired outcome. Of the 86 APTs analysed for this edition, at least half (52.5%) were classified as zero-day attacks, whereas only one-third (35.4%) contained previously identified payloads. 

Impersonation tactics continue to prevail 

The Phishing Threat Trends Report reveals that 89% of phishing emails involve impersonation, with Adobe ranking as the most impersonated brand and DHL as the most impersonated mail carrier.  

Between January 1st and August 31st, 2024, 26% of phishing emails impersonated brands unconnected to the recipient through an established business relationship. Among these, 9.7% impersonated phone or video conferencing providers (such as Zoom) and 5.3% impersonated mail carriers (such as UPS or DPD), frequently using ‘missed voicemail’ or ‘missed delivery’ campaigns. The next most common impersonation attacks involved posing as the recipient's company, accounting for 16.0% of incidents, with HR being the most frequently impersonated department.  

New employees with a tenure of two to seven weeks were the most targeted individuals for phishing emails impersonating VIPs, typically as part of CEO fraud attacks. Outside of employer-related attacks, Jeff Bezos and Elon Musk were among the most commonly impersonated celebrities.  

Jack Chapman, SVP of Threat Intelligence at Egress, a KnowBe4 company, comments: 

The fourth edition of the Egress Phishing Threat Trends report offers eye-opening insights into the shifting landscape of phishing threats in 2024, revealing alarming trends based on data from Egress Defend and exclusive intelligence from the Egress Threat Intelligence team. One of the most troubling findings is the rapid commoditisation of AI in phishing toolkits, which is putting advanced threats into the hands of less sophisticated cybercriminals. Organisations must respond by adopting advanced AI defenses that effectively counter these evolving threats while ensuring they aren’t introducing new vulnerabilities by using AI for AI’s sake.” 

 “As the old saying goes, 'the only constant is change,' and this is especially true in cybersecurity. As cybercriminals pivot away from one tactic that is no longer reaping the same rewards, a new one pops up to take its place. However, the report highlights one enduring reality: modern phishing threats are increasingly driven by impersonation tactics, which have become the backbone of many advanced and targeted attacks against organisations.” 

“The Phishing Threat Trends report is a must-read for all cybersecurity teams who want to stay ahead of emerging threats. It provides crucial insights and actionable strategies that are essential for outpacing evolving risks and securing your organisation.” 

To read the full Phishing Threat Trends Report (October 2024), visit: https://pages.egress.com/whitepaper-phishing-trends-threat-report-10-24.html    

About Egress, a KnowBe4 Company 

As advanced persistent threats continue to evolve, we recognise that people are the biggest risk to organisations’ security and are most vulnerable when using email. 

Egress, a KnowBe4 company, is the only cloud email security provider to continuously assess human risk and dynamically adapt policy controls, preparing customers to defend against advanced phishing attacks and outbound data breaches before they happen. Leveraging contextual machine learning and neural networks, with seamless integration using cloud-native API architecture, Egress provides enhanced email protection, deep visibility into human risk, and instant time to value. 

PR Contact 

C8 Consulting for Egress (UK & US) 
egress@c8consulting.co.uk