Business Functions Hit by AI Phishing

share
Header image

Business Functions Hit by AI Phishing

share

Phishers also spoof social networks to distribute malware, mask C2 communications and gather target intelligence.

A sharp escalation in AI-driven phishing attacks targeting critical business operations including IT, HR, payroll, and finance has been detected.

According to research by Zscaler, phishing attacks are down globally by 20 percent, but attackers are going deeper, targeting high-value departments with precision.

Its analysis of over two billion blocked phishing attempts between January and December 2024 determined cyber-criminals are using Generative AI to launch surgical, targeted attacks against high-impact business functions.

It also determined that cyber-criminals are using GenAI to scale attacks, generate fake websites, and craft deepfake voice, video, and text for social engineering. 

Phishing campaigns are increasingly abusing community-based platforms like Facebook, Telegram, Steam, and Instagram – not only spoofing their brands, but using them to distribute malware, mask C2 communications, gather target intelligence, and carry out social engineering attacks. 

“The phishing game has changed. Attackers are using GenAI to create near-flawless lures and even outsmart AI-based defences,” said Deepen Desai, CSO and Head of Security Research, Zscaler.

“Cyber-criminals are weaponising AI to evade detection and manipulate victims, which means organisations must leverage equally advanced AI-powered defenses to outpace these emerging threats. Our research reinforces the importance of adopting a proactive, multi-layered approach - combining robust zero trust architecture with advanced AI-driven phishing prevention - to effectively combat the rapidly evolving threat landscape.”

 


Written by
Dan Raywood
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

Artificial IntelligencePhishing Published: 2 May Written by
Dan Raywood
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

Upcoming Events

No events found.

Related content

Cybersecurity implications of Claude Mythos explored by US, UK

Cybersecurity implications of Claude Mythos explored by US, UK

 AI coding tools must not propagate vulnerabilities, says NCSC head

AI coding tools must not propagate vulnerabilities, says NCSC head

 Novel font-rendering attack prevents AI assistants from detecting illicit code

Novel font-rendering attack prevents AI assistants from detecting illicit code
Crypto phishing scam crackdown sought by new global international law enforcement operation

Crypto phishing scam crackdown sought by new global international law enforcement operation

 Report: UK cyberattacks grow faster than global rate

Report: UK cyberattacks grow faster than global rate

 Novel CyberStrikeAI tool exploited in attacks

Novel CyberStrikeAI tool exploited in attacks
Industry urges reform to retain women in tech

Industry urges reform to retain women in tech