According to email security specialist Mimecast, cyber criminals are shifting away from using malware-laced attachments in email attacks and are now using links to legitimate cloud-based file sharing services like Google Drive and SharePoint. The volume of email-delivered malicious links has increased by over 130% in the first quarter of 2024 and by 53% in the second quarter compared to the same periods in 2023.
In Mimecast’s Global Threat Intelligence Report 2024 H1, it was noted that threat actors are using multiple layers of links and tricks like CAPTCHAs and false multifactor authentication challenges to evade detection. Mimecast emphasized the importance of email security in protecting organizations from emerging threats and maintaining productivity and safety.
The report highlighted several malicious campaigns, including one where recipients were directed to a fake Microsoft Outlook sign-in page after clicking on a link in an email. Another campaign involved phishing links aimed at stealing valuable information by exploiting device security compliance issues.
Additionally, Mimecast’s data revealed that threat actors are using artificial intelligence in phishing scams, such as sending emails with PDF attachments hosted on AI development services to gather credentials. AI-backed scams like impersonating PayPal and using AI-enabled call centers to trick victims into revealing sensitive information are on the rise.
Overall, Mimecast warned that the use of generative AI and machine learning in phishing campaigns will make it more challenging for defenders to detect and respond to new and sophisticated attacks.