SlashNext released its newest report titled "
Prepare for
2025: 2024 Phishing Intelligence Report" to help organizations anticipate
and ready themselves for scams expected in the next year. Spanning billions of
analyzed threats across email and mobile channels-including Business Email
Compromise (BEC), malicious links, attachments, QR codes, and AI-driven natural
language attacks-the report offers a comprehensive look at the rapidly evolving
phishing landscape and the vectors most exploited by cybercriminals in the past
year, identifying necessary considerations for organizations aiming to strengthen
their security defenses against these attacks in 2025.
Key Findings from the 2024 Report:
- Credential Phishing Soars by 703%: Credential theft attacks surged dramatically in the
second half of 2024, signaling a sharp escalation in the use of
sophisticated phishing kits and social engineering tactics.
- Massive Uptick
in Email-Based Attacks: Overall,
email-based threats rose by 202% in the latter half of the year, with
individual users receiving at least one advanced phishing link per week
capable of bypassing traditional network security controls.
- Zero-Day
Dominance: Of all
embedded malicious links observed, 80% were previously unknown zero-day
threats-underscoring the limitations of static threat intelligence and
signature-based detection methods.
- Frequent User Exposure: During peak
periods, users faced an average of 3-6 threats per week, and annually, up
to 600 mobile threats per user. Social engineering-based attacks rose by
141% in the last six months, reinforcing the need for real-time, adaptive
security measures.
"In early 2024, we witnessed a sharp spike in attacks as
adversaries quickly learned to integrate AI into their phishing strategies,
resulting in far higher volumes of advanced and effective threats," said
Stephen Kowski, Field CTO, SlashNext. "By the second half of the year, the
growth in attack volume was more gradual but still persistent. We fully
anticipate this upward trajectory will continue into 2025, especially as our
threat research team uncovers new, advanced
phishing kits freely available on the Dark Web."
Looking
ahead to 2025, we expect this rapid evolution to accelerate, with AI-generated
attacks becoming more sophisticated and harder to detect, while attackers
increasingly target messaging platforms beyond email, including business
collaboration tools, SMS, and social media. The bottom line is phishing isn't
an email-only problem anymore; it is a broader messaging security problem that
requires a fundamental shift in how organizations approach threat detection and
prevention.
The volatile nature of threat categories-ranging from novel
phishing links and cleverly disguised attachments to expertly engineered
natural language scams-means that what's effective for attackers can change on
a near-weekly basis.
"Traditional security measures are overwhelmed by the sheer
volume and adaptability of these threats," continued Kowski. "Organizations
need a comprehensive, proactive security strategy backed by real-time detection
and mitigation technologies to stay ahead of increasingly agile attackers."
Read the full 2024 Phishing
Intelligence Report and learn more about how organizations can prepare for
the 2025 phishing landscape.