phishing attack

A Roundup of the Top Phishing Attacks in 2024 So Far

DMARCReport Audio
DMARC Report
A Roundup of the Top Phishing Attacks in 2024 So Far
Loading
/

Is your mailbox flooded with unsolicited emails? While most of these emails are harmless (like bulk or spam), some of them have the potential to seriously damage your entire ecosystem. Year after year, these emails are getting more frequent and formidable. In fact, we are only halfway into 2024, and the number of fraudulent emails that make it into the targets’ inboxes continues to surge.

A recent report by SlashNext revealed a 341% increase in malicious emails, and AI has substantially contributed to this number.

Let us take a look at some of the most notable phishing attacks that we witnessed in 2024.

Notable Phishing Attacks of 2024

Undoubtedly, we have come a long way in terms of technological advancements, but with this progress, the like phishing has also evolved, which certainly is not in our favor. With each passing year, cybercriminals are getting smarter at employing new techniques, evading security measures, and infiltrating the systems of their targets, and the year 2024 is a testament to this. 

While there are many ways for cyber attackers to access private corners of your digital ecosystem, email remains the most preferred attack vector

Here are some of the most severe email-based phishing attacks of 2024 that you should know about:

email-based phishing attacks

Microsoft and Google Phishing Attacks

A recent report by Check Point unveiled that Microsoft and Google are the major brands susceptible to being spoofed to execute phishing attacks. In the first quarter of 2024, Microsoft accounted for 38% of all attempted brand phishing attempts, making it the top target, followed by Google at 11%. What’s more interesting is that most of these attacks typically involved seemingly legitimate emails, meticulously crafted to trick recipients into providing their login credentials or other sensitive information. 

Pepco Social Engineering Attack

Apart from tech giants, threat actors continue to target retail businesses in 2024. One such incident happened in February 2024, when Pepco Group, a major European retailer, lost around €15.5 million in a devastating attack. According to the COO of OSP Cyber Academy, Irene Coyle, the incident was likely a phishing attack that involved fraudsters spoofing legitimate employee emails to deceive the finance staff into transferring funds.

Although there isn’t much clarity on the specifics of the technique, it is speculated that the attack was executed by employing state-of-the-art AI tools that made it difficult for the victims to see through the deceit and prevent themselves from falling prey.

Malware Disguised as a Bank Payment Notice

In March 2024, a new phishing campaign emerged that used a novel loader malware to deliver Agent Tesla, which plays the role of an information stealer and keylogger. This attack was uncovered by Trustwave SpiderLabs, which identified that the attack chain began with a phishing email masquerading as a bank payment notice. The message was so well crafted that it successfully compelled the users to open an archive file attachment.

This seemingly benign attachment concealed the malicious loader, which used obfuscation techniques to evade detection, bypass antivirus defenses, and deploy Agent Tesla to steal sensitive data from the affected server.

antivirus defenses

StrelaStealer Phishing Attacks

Recently, a new wave of phishing attacks has come to the surface that has affected over 100 organizations across the European Union and the United States. According to the researchers at Palo Alto Networks’ Unit 42, these attacks stem from spam emails with attachments that deliver the StrelaStealer malware

The approach behind this attack is so uncomplicated yet sophisticated that it escaped the purview of the employees of more than 100 companies. In an attempt to evade detection, the attackers simply changed the file format of the attachment and successfully managed to achieve their malicious intentions of stealing email login data across sectors like finance, government, and manufacturing. 

Learning From the Mistakes 

With email being one of the most common channels of communication for the good, bad, and ugly, email-based phishing attacks are here to stay! But this does not mean you cannot protect your organization from succumbing to such attacks.

Follow these tips to mitigate the risk of email-based phishing attacks and strengthen your security posture

Implement Multi-Factor Authentication (MFA)

Gone are the days of single-factor authentication. As email ecosystems and attacks targeting these ecosystems become more complex, it is clear that we need a solution that offers comprehensive and layered protection. Multi-factor authentication (MFA), like a two-step verification process, checks these boxes and makes it significantly harder for attackers to gain unauthorized access.

Update Your Software Regularly 

An often-overlooked way to prevent phishing attacks is to ensure that all software, including email clients and security tools, are kept up to date. This simple step can help you identify and patch any new or existing vulnerabilities that attackers could potentially exploit. 

Conduct Employee Training

It is important that your employees recognize and understand the threats looming over the digital landscape, the latest tactics used in phishing attacks, and more. Regular training sessions among your teams can prove to be a big leap toward cultivating a culture of cyber resilience. The sessions should cover everything about email-based phishing attacks— how to identify suspicious emails, links, and attachments, how to respond to them, and most importantly, how to report them. 

cyber resilience

Image sourced from cybeready.com

Prioritize Email Authentication 

Implementing email authentication protocols (SPF, DKIM, and DMARC) is a robust and non-negotiable approach to minimizing the risks of email phishing attacks. By properly configuring these protocols, you can ensure that incoming emails are validated, thereby reducing the risks of phishing attacks, spoofed emails, and email impersonation.

To Sum Up 

Now that you are aware of the most notable phishing attacks of 2024, it is crucial to strategically leverage this information to adopt a proactive approach to cybersecurity

While this might seem like a complex endeavor, you can trust our team at DMARCReport to solve your email authentication woes.

Need help? Reach out to us today to safeguard your organization’s digital assets!

Similar Posts