A new report released today by phishing protection company SlashNext Inc. highlights a sharp escalation in phishing attacks as 2024 comes to a close, with a staggering eightfold increase in the second half of the year.

The Prepare for 2025: 2024 Phishing Intelligence Report is based on an analysis of billions of threats across email, mobile and messaging platforms. It takes a deep dive into the rapidly evolving phishing landscape and the tactics cybercriminals use to exploit emerging vulnerabilities.

The company says headline finding of a 703% rise in credential phishing attacks during the second half of 2024 indicates the increasing sophistication of cybercriminal tactics. The surge was found to have been driven by the widespread availability of advanced phishing kits on the dark web, the shady corner of the internet where scammers and cyber criminals sell user data, that allows attackers to automate and scale up their efforts.

The SlashNext researchers also note that the rise of generative artificial intelligence has also allowed phishing campaigns to deploy highly convincing, personalized attacks that make it easier to bypass traditional security measures and deceive users.

Email-based attacks were found to have surged more than threefold in the second half of 2024, driven by increasingly sophisticated phishing techniques and the use of AI to craft convincing, targeted messages. Attackers were found to be exploiting advanced phishing kits and zero-day links that evade traditional security controls, allowing malicious content to reach inboxes undetected.

Other findings in the report include zero-day threats, those not yet patched with updated software, now dominating the phishing landscape, with 80% of malicious links identified as previously unknown. The threats, often generated moments before deployment using AI and automation tools, bypass traditional security measures reliant on signature-based detection.

Users also faced significant exposure to phishing threats in 2024, with an average of three to six attacks per week during peak periods and up to 600 mobile threats annually.

The attacks faced by users on their devices often bypass traditional defenses, exposing them to advanced social engineering tactics and malicious links. The consistent frequency of the threats is noted as underscoring an urgent need for organizations to implement real-time, adaptive security measures to protect users from the relentless and evolving nature of phishing campaigns.

“In early 2024, we witnessed a sharp spike in attacks as adversaries quickly learned to integrate AI into their phishing strategies, resulting in far higher volumes of advanced and effective threats,” said Stephen Kowski, field chief technology officer at SlashNext. “By the second half of the year, the growth in attack volume was more gradual but still persistent.”

Looking ahead to 2025, SlashNext expects the rapid evolution of phishing attacks to accelerate, driven by increasingly sophisticated AI-generated threats that are harder to detect. Attackers are expanding beyond email to target messaging platforms such as business collaboration tools, SMS and social media, making phishing a broader messaging security problem.

“Traditional security measures are overwhelmed by the sheer volume and adaptability of these threats,” Kowski added. “Organizations need a comprehensive, proactive security strategy backed by real-time detection and mitigation technologies to stay ahead of increasingly agile attackers.”

Image: SiliconANGLE/Ideogram