Security Think Tank: The phishing forecast for 2024

Egress’ Jack Chapman and James Dyer explore how phishing attacks are set to grow in their scope and sophistication this year, with generative AI playing a big role

Jack Chapman and James Dyer

Published: 07 Feb 2024

2023 was a ground-breaking year for cyber security advancements and attacks, with new developments making headlines globally. In 2024, we can expect to see increasingly advanced phishing campaigns leveraging the capabilities of AI, and more sophisticated and frequent attacks as a result. Already in 2024, we have seen a number of breaches and attacks including the use of ‘bespoke phishing lures’ against Microsoft employees.

Faster, harder and more targeted

Moving from 2023 to 2024, a key trend is automation behind cyber attacks and more importantly how attackers can combine and automate across multiple steps of the traditional kill chain. This unfortunately will continue to expand; we expect it will go as far as automatically creating or selecting templated phishing attacks tailored to a user’s open-source intelligence (OSINT) information, sending the attack, requesting and validating the MFA and validating the compromise to perform follow-up attacks.

Cyber criminals will be using OSINT, harvested with the help of AI, to create plausible backstories by scraping social media profiles in less than a second, or asking ChatGPT to write the most persuasive messages, and even utilise AI software to help create payloads and speed up delivery.

The reduction in attacker participation allows for more sophisticated targeted attacks, without the threat actor spending time, money or effort, and ultimately raising the average bar for successful attacks. As AI is added to a threat actor’s arsenal, we hope 2024 brings more governance around these tools and the ethical use of AI software.

Security of AI coming to the forefront

Attackers weaponising the use of AI, whether it be utilising large language models (LLMs) or automating the generation of A/B testing specific features within phishing emails and broader cyber attacks, will continue to dominate conversations. However, an area which is overlooked often is targeting the AI systems which are in place to protect organisations themselves.

Although these systems are an asset to improve the technology controls protecting organisations, attackers have realised the opportunity here. Why combat the technology if you can teach it that all of your attacks are “safe”?

This is an evolution from obfuscation-based attacks which target the technology directly; now attackers can target the technology and the machine learning behind it.

This sophisticated targeting extends to the likes of creative attacks that make it tough for Natural Language Processing (NLP) and linguistic checks to locate malicious wording within emails. We predict that the use of invisible characters, lookalike characters and images to avoid scannable words which NLP would traditionally pick up will become increasingly frequent.

Along a similar vein, we’ll probably see a spike in password-restricted payloads where the payload is hidden initially as well as more attacks coming through encrypted emails which security solutions struggle to scan.

New barrage of supply chain threats

Over the past few years, we have seen the evolution of attackers utilising compromised business accounts to target new and unsuspecting victims, effectively bypassing authentication and trust-based protection systems.

In 2024 we predict that this will follow on to the next effective method at a new scale and challenge, using the compromised accounts of those who are already known to an organisation and its users. At Egress, we have already seen a sharp rise in the latter half of 2023, but it’s expected to grow drastically in 2024.

For a threat actor, this has so many appealing features: a ready-made list of potential targets, far higher success rates than your run-of-the-mill compromised attack, and an easier path into more secure but appealing organisations which may be too tough to target directly. This is going to be a big trend for 2024.

Multi-channel attacks on the rise

Cyber attacks are becoming increasingly sophisticated, but they’re also utilising multiple channels to attempt to add legitimacy. Victims may receive a QR code in an email, and then a follow-up SMS text, replicating multi-channel methods seen commonly used in marketing, and even multi-factor authentication.

In 2024, we can only see this trend growing. And with messaging apps like WhatsApp and Signal having fewer security systems than email, it is not hard to imagine more channels will be targeted.

Much like previous years, cyber attacks will likely become more frequent and advanced with the cybercriminal community leveraging new tools to evade detection. Staying cognisant of these risks and ensuring security and awareness training is prioritised will be the key to staying a step ahead in 2024.

Jack Chapman is senior vice president of threat intelligence at Egress.

James Dyer is threat intelligence lead at Egress

Read more on Hackers and cybercrime prevention

Inquiry to explore cyber risk to Sunak-Starmer showdown