Phishing continues to be one of the most persistent threats facing organizations today. Although the goal of phishing—to steal credentials and gain unauthorized access to IT systems—hasn’t changed, the techniques used by attackers change all the time. In this updated post, we’ll examine insights from CrowdStrike’s 2024 Threat Report and observations from our own Security Operations Center to give you a clearer picture of how phishing tactics have changed.

Definition of phishing – The practice of stealing credentials or confidential information by manipulating individuals into taking an action that provides access to accounts or data, bypassing other layers of security.

How Phishing Threats Have Evolved

Phishing attacks have gone from basic, easily identifiable email scams to highly targeted, fast, and sophisticated operations. Today’s attackers use advanced tools and social engineering techniques that make their phishing attempts nearly indistinguishable from legitimate communications. Here’s how phishing has grown more dangerous over time:

• Fast and Unseen: Phishing attacks now move at lightning speed. Cyber-criminals can gain access to systems and escalate their attack in just minutes, leaving little time for defenders to react. Once inside, they operate unnoticed, using valid credentials and legitimate tools to hide their activity and avoid detection.

• AI and Automation: Attackers are leveraging generative AI to craft phishing emails that are grammatically correct, contextually relevant, and highly convincing. Automation allows them to personalize phishing campaigns at scale, making it easier to target individuals with customized messages that appear authentic.

• Credential Theft and Cloud Focus: With the rise of cloud computing, phishing attackers are increasingly targeting cloud environments. Once they gain access, attackers use stolen credentials to move through these environments undetected, blending in with regular user activity.

Phishing has evolved beyond simple email traps into a multi-faceted, highly organized threat that can cripple businesses if not addressed proactively.

Persistent and Evolving Phishing Tactics

Many phishing methods like double extortion and lateral movement continue to pose significant threats. Attackers aren’t abandoning these methods; instead, they’re refining them to be more sophisticated and harder to detect. Let’s take a closer look at how some of these tactics have evolved:

1. Double Extortion

Double extortion is no longer just about encrypting data—it’s about leveraging sensitive information to coerce payment. Attackers who gain access through phishing no longer rely solely on ransomware. Instead, they threaten to leak confidential data, making it a reputational and financial crisis for the victim.

Even though this technique has been around for some time, the increasing volume and success rate of these attacks show that cybercriminals are continuously improving how they execute them.

2. Lateral Movement with Targeted Phishing

Once attackers gain initial access through phishing, they use lateral movement to explore networks and escalate their privileges. This tactic, often combined with spear phishing, allows them to infiltrate deeper parts of an organization.

Today’s lateral movement strategies are more coordinated, using compromised credentials and legitimate tools to blend in, making detection extremely difficult. AI-powered spear phishing has become more targeted, with attackers using real-time data to craft convincing messages that appear legitimate to their recipients.

3. Interactive Intrusions with Hands-On Hacking

CrowdStrike reports a rise in “interactive intrusion” techniques, where attackers actively take control of compromised systems. Unlike automated attacks, these hands-on hackers operate manually, taking steps to disable security measures and move undetected through networks. Industries such as technology, healthcare, and finance are seeing more of these targeted attacks, and phishing remains a common entry point.

4. Quishing – Malicious QR Codes

While malicious QR codes have been a known tactic, attackers are using them more frequently because they can bypass traditional security filters. Often disguised as multi-factor authentication (MFA) requests, these QR codes trick users into providing credentials, leading to account compromises. This method takes advantage of the growing use of QR codes in business, making it harder for users to distinguish legitimate requests from fake ones.

5. Vishing – Human to Human Attacks

Often disguised as multi-factor authentication (MFA) requests, these QR codes trick users into providing credentials, leading to account compromises. This method takes advantage of the growing use of QR codes in business, making it harder for users to distinguish legitimate requests from fake ones.

Related: How to Get People to Care About Cybersecurity

How to Counter Evolving Phishing Threats

As we complete 2024 and roll into 2025, protecting your organization from phishing requires a multi-layered security strategy. Here are two essential components that every business should include in their cybersecurity strategy:

• Cybersecurity Awareness Training: Ongoing training helps employees recognize phishing attempts and stay up to date on the latest tactics. With phishing attacks becoming more sophisticated, regular awareness sessions can significantly improve your organization’s ability to identify and report threats.

• Microsoft 365 Hardening: As phishing attacks increasingly target cloud environments, hardening your Microsoft 365 environment is crucial. Configuring it to utilize all available security features will minimize vulnerabilities and ensure that your cloud infrastructure is better protected.

Related: Secure Your Digital Workplace with Microsoft 365 Hardening

Time to Up Your Security Game

At XPERTECHS, we help businesses stay ahead of evolving cyber threats like phishing. Our team works with clients to develop security strategies that fit their unique risk profiles, giving them the confidence to manage these increasingly complex threats. If your organization hasn’t updated its defenses to reflect the current phishing landscape, it’s time to act.

Contact us to schedule a meeting and learn how we can help protect your organization.