The cyber security firm reported in its latest annual report that their researchers found more than 30.4 million phishing emails last year.
Threat actors are increasingly targeting trusted business platforms such as Dropbox, SharePoint, and QuickBooks in their phishing email campaigns and leveraging legitimate domains to bypass security measures, a new report released today has found. By embedding sender addresses or payload links within legitimate domains, attackers evade traditional detection methods and deceive unsuspecting users.
According to Darktrace’s Annual Threat Report 2024, the authors detected more than 30.4 million phishing emails, reinforcing phishing as the preferred attack technique.
Legitimate enterprise services hijacked for most phishing campaigns in 2024
Darktrace noted cybercriminals are exploiting third-party enterprise services, including Zoom Docs, HelloSign, Adobe, and Microsoft SharePoint. In 2024, 96% of phishing emails utilised existing domains rather than registering new ones, making them hard to detect.
Attackers were observed using redirects via legitimate services, such as Google, to deliver malicious payloads. In the case of the Dropbox attack, the email contained a link leading to a Dropbox-hosted PDF with an embedded malicious URL.
Alternatively, threat actors abused hijacked email accounts, including those from Amazon Simple Email Service, belonging to business partners, vendors, and other trusted third-parties. The report’s authors say this “highlight(s) that identity continues to be an expensive problem across the estate and a persistent source of pain across enterprise and business networks.
Explore emtech 360 for the latest advancements in Information Technology & insightful updates from industry experts!
Source : https://www.techrepublic.com/article/darktrace-threat-report/
