KnowBe4, a leader in security awareness training, today launched its Phishing Threat Trends Report, detailing key trends, new data, and threat intelligence insights surrounding phishing threats targeting organisations at the start of 2025.
Based on data generated by KnowBe4 Defend, this edition highlights the growing threat of ransomware and explores how cybercriminals are using sophisticated techniques to bypass native security and secure email gateways (SEGs). It also examines how AI is being leveraged to create polymorphic phishing campaigns, how attackers are infiltrating the hiring process to access systems and data, and the growing success of attacks evading traditional defences.
Key Findings From the Report:
- Between September 15, 2024 and February 14, 2025 there was a 17.3% increase in phishing emails compared to the previous six months.
- 82.6% of all phishing emails analysed exhibited some use of AI.
- The report observes a 22.6% increase in ransomware payloads.
- The phishing hyperlink, malware, and social engineering payloads getting through traditional detection have surged, with phishing hyperlinks rising by 36.8%, malware by 20%, and social engineering tactics by 14.2% compared to the previous six months.
- Additionally, there was a 57.9% increase in attacks being sent from compromised accounts getting through traditional detection.
- The top 5 legitimate platforms used to send phishing emails include DocuSign, PayPal, Microsoft, Google Drive, and Salesforce.
- Currently the most impersonated brands include Microsoft, DocuSign, Adobe, PayPal, and LinkedIn.
The report examines the unprecedented scale of polymorphic phishing tactics, now present in 76.4% of all phishing campaigns, which use AI-generated variations to bypass traditional security measures. Meanwhile, ransomware payloads in phishing attacks have risen by 22.6% over six months, with a sharp 57.5% increase in just three months, exemplified by a sophisticated INC Ransom payload detected by KnowBe4 Defend. The research also highlights how cybercriminals are increasingly targeting the hiring process, with 64% of attacks focused on engineering roles, exploiting their access to critical systems and data.
“As ever, innovation in phishing threats and defences is accelerating rapidly,” said Jack Chapman, SVP of threat intelligence at KnowBe4. “In this report, we have observed cybercriminals evolving their tactics, leveraging ransomware and polymorphic campaigns with new techniques to evade detection by both traditional and advanced technologies. As we move through 2025, both phishing threats and defences will continue to evolve, emphasising a holistic approach that integrates technical defences with human risk management. A strong security culture begins with detection but is strengthened by awareness, continuous education, and adaptive technology.”
The Phishing Threat Trends Report, Vol 5 is available for download here.
This follows a report from KnowBe4 revealing how underprepared the education sector is for escalating cyberattacks.