SlashNext recently published its 2023 report on the State of Phishing. The data is from SlashNext’s optics into email traffic around the world, along with a survey of 300 cybersecurity professionals and getting hands-on in the Dark Web.
Headline findings:
- Malicious phishing messages have increased 1,265% in the 12 months from Q4 2022 to Q3 2023, with ChatGPT and malicious generative AI services a significant contributing factor.
- SlashNext detected an average of 31,000 phishing attacks each day. This is an average number across the 12 months under investigation. What’s not disclosed is the baseline number of email messages sent each day that were subjected to SlashNext’s analysis. Globally, the number is around 350 billion emails sent each day, which makes 31,000 a mere 0.00000886% of the global total. But that’s an unfair calculation, because SlashNext doesn’t see all of those. If we assume that SlashNext has the optics to assess 1% of the total email traffic volume (3.5 billion emails), then it’s 0.000886%. However you cut it, phishing is a dangerous needle in a very, very, very, very large haystack, and the high percentage of phishing messages being BEC threats (68%) in that needle is very, very, very expensive to get wrong.
- Key point – “AI chatbots (like ChatGPT) lowered the barriers to creating sophisticated BEC attacks and improved malware.” Be warned.
- SlashNext explores the rise of multi-stage attacks, cross-channel attacks, the use of trusted services to host malicious content (e.g., SharePoint – and why that’s a problem), and dark web hi jinx with jailbreak prompts and anonymizing wrappers for generative AI services.
Request the full report from SlashNext (25 content pages). Registration is required.
Leave a Reply