A Majority of Phishing Attacks Utilized Trustworthy Domains

Apr 24, 2025

A recent report showed that the vast majority of phishing attacks carried out in 2024 used trustworthy domains in order to seem more legitimate to victims. The findings were published in Darktrace’s Annual Threat Report for 2024. It showed that phishing email campaigns found ways to embed sender addresses or payload links from actual businesses and websites. This allowed the emails to avoid being detected as phishing scams and led to an increase in cyber-attacks.

With these attacks, the victims largely were businesses themselves, such as Dropbox, SharePoint, and QuickBooks. Services like these often have cyber security methods in place that filter out phishing emails, but because the emails appeared legitimate, they slipped through the cracks.

Emails were embedded with details for services such as Zoom Docs.

Other commonly exploited services were HelloSign, Adobe, and Microsoft SharePoint. 96% of all analyzed phishing emails took advantage of existing domains, such as those of these services. This meant attackers did not have to register new domains and could easily go undetected by security software.

Furthermore, evidence suggests that attackers used redirecting links from major services, like Google. With these links, attackers were able to deliver malicious payloads. For example, the main way hackers used Dropbox for their attacks was by including a link in the email that would lead to an authentic Dropbox-hosted PDF. The PDF itself was embedded with a malicious URL, which is what allowed the attack to proceed.
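A defender-side check for the redirect technique described above, as an added example that is not from the Darktrace report or this article: it flags links that start on a trusted host but carry a second URL, pointing to an untrusted host, in their query string. The host names, the trusted list and the sample email body are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: hosts the mail filter already trusts (constructed names).
TRUSTED_HOSTS = {"trusted-search.example", "files.trusted-share.example"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def _parts(url):
    try:
        return urlsplit(url)
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return None

def nested_targets(url, max_depth=3):
    """Absolute http(s) URLs carried in query parameters, up to max_depth levels deep."""
    found, frontier = [], [url]
    for _ in range(max_depth):
        next_frontier = []
        for current in frontier:
            parts = _parts(current)
            for _name, value in parse_qsl(parts.query if parts else "", keep_blank_values=True):
                candidate = unquote(value).strip()  # second decode covers double encoding
                inner = _parts(candidate)
                if inner and inner.scheme in ("http", "https") and inner.hostname:
                    found.append(candidate)
                    next_frontier.append(candidate)
        frontier = next_frontier
    return found

def flag_redirects(body):
    """Return (trusted_host, final_host) pairs for links that leave the trusted set."""
    findings = []
    for link in URL_RE.findall(body):
        parts = _parts(link)
        host = (parts.hostname or "").lower() if parts else ""
        if host not in TRUSTED_HOSTS:
            continue
        for target in nested_targets(link):
            target_host = _parts(target).hostname.lower()
            if target_host not in TRUSTED_HOSTS:
                findings.append((host, target_host))
    return findings

# Constructed sample email body, not taken from the report.
SAMPLE_BODY = (
    "Invoice: https://trusted-search.example/url?q=https%3A%2F%2Flogin.unknown-site.example%2Fdoc&ref=mail\n"
    "File: https://files.trusted-share.example/s/abc123?dl=0\n"
    "Help: https://trusted-search.example/go?u=https%3A%2F%2Ffiles.trusted-share.example%2Fhelp\n"
)
```

Only the first sample link is flagged; the check does not look inside hosted documents, so the Dropbox-hosted PDF case needs separate attachment or content scanning.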

Phishing was found to still be a preferred form of cyber-attack.

Another common technique involved the Amazon Simple Email Service. Hackers had previously been able to attack email accounts from a variety of businesses, vendors, and third parties, such as the Amazon Simple Email Service. They then used these already compromised email accounts to further expand the breadth of their attacks. Darktrace reports that this tactic “highlights that identity continues to be an expensive problem across the estate and a persistent source of pain across enterprise and business networks.”

AI has further aided in phishing attacks.

Because of how prominent AI-generated text has become, many phishing attacks are able to become spear phishing, a cyber security term for highly focused email attacks. Artificial intelligence has made the way attackers phish tenfold more sophisticated. According to reports, 38% of phishing emails can be described as spear phishing and 32% had detectable AI-generated text. AI allowed attackers to increase the amount of text in an email, in some ways making it seem more authentic. It also allowed for more complexity in the text itself, which further aided its believability.

The way of attacking is different now too.

Because of the modern age we live in, attackers no longer have to rely on sketchy links. While many still do, there are other options available to them. For example, 2.7 million phishing emails featured multistage malicious payloads. Additionally, nearly one million had malicious QR codes. Malicious QR codes are a newer concept, as QR codes have become a more popular feature for services. Keeping up with current features by using these codes makes for a more believable scam.

Hackers have found ways to consistently up their game and seem more authentic as technology grows. While cyber security is also constantly being updated, hackers have the upper hand of being aware of these changes and growths. Nonetheless, the best way to remove phishing threats is to maintain up-to-date cyber security systems and avoid clicking on anything that seems fishy, even if it could be something real.
