20. February 2025
Darktrace Unveils Alarming Phishing Trends for 2024
A new report from Darktrace has revealed that threat actors are increasingly relying on trusted business platforms like Dropbox, SharePoint, and QuickBooks to launch phishing campaigns. By embedding sender addresses or payload links within legitimate domains, attackers can bypass traditional security measures and deceive unsuspecting users.
The report’s findings, which span over 30 million phishing emails, reinforce phishing as the preferred attack technique for cybercriminals in 2024. Darktrace’s Annual Threat Report 2024 highlights that 96% of phishing emails utilized existing domains rather than registering new ones, making them difficult to detect.
Cybercriminals are exploiting third-party enterprise services, including Zoom Docs, HelloSign, Adobe, and Microsoft SharePoint, to launch phishing campaigns. In many cases, attackers use redirects via legitimate services like Google to deliver malicious payloads. The report notes that Dropbox was one of the targeted platforms, with phishing emails containing links leading to a Dropbox-hosted PDF with an embedded malicious URL.
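The delivery patterns described above (a redirect through a trusted service, and a payload hosted on a file-sharing platform) can be triaged by looking at link structure instead of sender or domain reputation. The sketch below is an added example, not code from Darktrace or its report; the host lists, function names and sample message are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed examples for this sketch; a real deployment maintains its own lists.
FILE_SHARING_HOSTS = ("dropbox.com", "sharepoint.com")
REDIRECTOR_HOSTS = ("google.com",)
URL_RE = re.compile(r'https?://[^\s<>"]+', re.IGNORECASE)


def _on_domain(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    return any(host == d or host.endswith("." + d) for d in domains)


def _embedded_url(query):
    """Return the first query-string value that is itself an absolute URL."""
    for _, value in parse_qsl(query):
        if value.lower().startswith(("http://", "https://")):
            return value
    return None


def classify_link(url):
    """Label one link as 'redirect', 'hosted-content' or 'other'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if _on_domain(host, REDIRECTOR_HOSTS):
        target = _embedded_url(parts.query)
        if target:
            target_host = (urlsplit(target).hostname or "").lower()
            # A trusted host forwarding to a different domain: judge the target.
            if not _on_domain(target_host, REDIRECTOR_HOSTS):
                return ("redirect", target_host)
    if _on_domain(host, FILE_SHARING_HOSTS):
        # User-uploaded content: the host's reputation says nothing about the file.
        return ("hosted-content", host)
    return ("other", host)


def triage(body):
    """Classify every link found in an email body."""
    return [classify_link(u) for u in URL_RE.findall(body)]


# Constructed sample message, not taken from the report.
SAMPLE = (
    "Invoice ready: https://www.google.com/url?q=https%3A%2F%2Fpay.example.net%2Fdoc "
    "or view https://www.dropbox.com/s/abc123/invoice.pdf?dl=0 "
    "Help: https://support.example.com/faq"
)
```

Links labelled `redirect` should be scored on the embedded target host, and links labelled `hosted-content` should be sent to content inspection, since the linked document itself may carry the malicious URL.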
The sophistication of phishing attempts continues to rise, with spear phishing making up 38% of cases and novel social engineering techniques such as AI-generated text with linguistic complexity being used in 32% of attacks. The use of multistage malicious payloads, malicious QR codes, and other tactics is becoming increasingly common.
Another attack method involves initial network breaches via vulnerabilities in edge, perimeter, or internet-facing devices, followed by living-off-the-land (LOTL) techniques. This strategy exploits pre-installed, legitimate enterprise tools to execute malicious activities while avoiding detection. Darktrace found that 40% of identified campaign activity involved the exploitation of internet-facing devices.
Ransomware groups are increasingly using legitimate enterprise software for stealth attacks. These groups have been observed using AnyDesk and Atera to mask command-and-control communications, exfiltrating data to cloud storage services, and using file-transfer technology for rapid exploitation and double extortion. The use of malware-as-a-service (MaaS) tools increased by 17% from the first to the second half of 2024.
The Darktrace report highlights several key trends in phishing attacks for 2024:
The Darktrace report provides valuable insights into the evolving threat landscape in 2024. As phishing attacks continue to rise, it’s essential for organizations to stay vigilant and implement robust security measures to protect themselves against these threats.