Quishing Attacks Jump Tenfold, Attachment Payloads Halve

Quishing attacks, a type of phishing that exploits QR codes, have seen a significant rise from 0.8% in 2021 to 10.8% in 2024, according to the latest findings from Egress. At the same time, the report notes a substantial decline in attachment-based payloads, which decreased by half from 72.7% to 35.7%. Impersonation attacks continue to be a prevalent threat, with 77% of them masquerading as well-known brands such as DocuSign and Microsoft. This indicates cybercriminals’ ongoing reliance on social engineering tactics. The report also highlights an interesting trend: phishing emails have become three times longer since 2021, possibly due to the increased use of generative AI to craft more sophisticated messages.

Multi-channel attacks, particularly those targeting work-related messaging platforms like Microsoft Teams and Slack, have become more prevalent. These platforms collectively account for half of the secondary steps in such attacks. Notably, Microsoft Teams experienced a significant 104.4% increase in these types of attacks in 2024 compared to the previous quarter.

Further, Artificial Intelligence has emerged as a powerful tool for cybercriminals, contributing to various stages of their attacks. The report predicts a rise in the utilization of deepfakes in both video and audio formats, adding a layer of complexity to cyber assaults.

Security Officer Comments:

Despite technological advancements, secure email gateways (SEGs) lag behind, with a 52.2% increase in attacks evading detection in early 2024. This underscores the need for adaptive cybersecurity measures in the face of evolving threats. Moreover, researchers also found that millennials have become prime targets for cybercriminals, receiving 37.5% of phishing emails. This trend, including personalized attacks around events like Valentine’s Day, highlights the dynamic and evolving nature of today’s threat landscape.

Suggested Corrections:
Organizations and individuals can use various methods to protect against quishing attacks, including:
  • Educate Users: Teach employees about the quishing threat and the risks of scanning QR codes from untrusted emails.
  • Use an Email Scanner: Email scanners may be able to identify quishing emails based on text content, the QR codes themselves, or other phishing red flags.
  • Don’t Scan Untrusted QR Codes: Don’t scan QR codes originating from an unknown or untrusted source.
  • Check URLs After Scanning: After scanning a QR code, check the URL before browsing to it or entering sensitive information.
  • Enable Multi-Factor Authentication (MFA): Enable MFA to reduce the potential impacts if user credentials are entered into a phishing site.
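
The "Check URLs After Scanning" and "Use an Email Scanner" items can be partly automated once a QR code has been decoded to a URL. The sketch below is an added example, not code from Egress or the original page; the `BRAND_DOMAINS` allowlist, the flag names and the sample URLs are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Illustrative allowlist (an assumption): brand keyword -> domains the
# organization accepts for that brand. Replace with your own vetted list.
BRAND_DOMAINS = {
    "docusign": {"docusign.com", "docusign.net"},
    "microsoft": {"microsoft.com", "microsoftonline.com"},
}

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def _under(host, domain):
    # True when host is the domain itself or a subdomain of it.
    return host == domain or host.endswith("." + domain)

def assess_qr_url(url):
    """Return a list of red flags for a URL decoded from a QR code."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ["no-host"]  # not an absolute URL, nothing to vet
    flags = []
    if parts.scheme.lower() != "https":
        flags.append("not-https")
    if parts.username is not None:  # text before "@" can mimic a trusted host
        flags.append("userinfo-in-url")
    if _is_ip(host):
        flags.append("ip-literal-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode-label")
    for brand, domains in BRAND_DOMAINS.items():
        # Brand name appears in the host, but the host is not a trusted domain.
        if brand in host and not any(_under(host, d) for d in domains):
            flags.append("brand-lookalike:" + brand)
    return flags

# Constructed sample URLs, not taken from the report.
SAMPLES = [
    "https://account.docusign.com/sign",
    "http://docusign.com.review-doc.example/sign",
    "https://login.microsoft.com@203.0.113.7/auth",
    "https://xn--mcrosoft-q2a.example/login",
]
if __name__ == "__main__":
    print(*((u, assess_qr_url(u)) for u in SAMPLES), sep="\n")
```

An empty list means none of these checks fired, not that the destination is safe; the flags are meant to feed a quarantine or warning decision alongside other signals.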