Over the last few months, Barracuda’s threat analysts have reported on several advanced phishing techniques implemented by attackers to evade security controls and make malicious emails look more convincing, legitimate, and personal.

In this blog post, we look at how these and other advanced phishing techniques are likely to evolve in 2025. Our expectations are that:

  • Phishing-as-a-service (PhaaS) kits will account for half of credential theft attacks next year, up from 30% today, and evolve to steal multifactor authentication (MFA) codes.
  • Targeted attacks will feature personalized emotional appeals based on an analysis of the recipient’s social media and communication history, with a rise in extortion/sextortion attacks.
  • There will be wider implementation of evasive techniques such as ASCII-based QR codes, Blob URIs, and moving the phishing content from the body of the email to an attachment.
  • Attackers will seek out and abuse more content creation and digital publishing platforms.

Phishing-as-a-service and credential theft

Barracuda’s detection data shows that in 2024 more than 85% of phishing attacks targeting customers were out to steal credentials. We expect this to increase to 90% or more over the next year.

PhaaS thrives in this attack vector. Over the next 12 months, we expect to see more advanced PhaaS kits appear, which will be able to steal MFA codes for credential phishing attacks.

We estimate that PhaaS-based credential phishing attacks currently account for around 30% of credential attacks detected, and we expect this will rise to more than half over the next year.

The abuse of legitimate URL protection services

For us, the most surprising discovery in 2024 was that phishing attackers were exploiting trusted URL protection services, including those from leading security vendors, to mask phishing links in attacks designed to steal credentials. We reported on this tactic in July, and it is still being implemented.

QR code and voicemail phishing

QR code and voicemail phishing currently account for around 20% of overall phishing detections. In October, we reported on the appearance of QR codes created using ASCII/Unicode text blocks, and we expect that tactic to continue to evolve. Attackers design ASCII-based QR codes and specially crafted Blob URI links to evade detection, and we expect the development and use of these and other evasive techniques to increase into 2025 and beyond.

HR impersonation

We anticipate a rise in phishing attacks impersonating the human resources department. Such attacks currently account for around 10% of the attacks detected, but we expect them to gain traction during the coming year, especially around key tax deadlines.

Misuse of content creation and publishing platforms

Around 10% of the phishing attacks we’ve seen in 2024 are hosted in CCP (content creation platform) or DDP (digital document publishing) sites. We reported on this in September and expect the trend to continue as attackers find more CCP and DDP sites to host phishing pages.

Malicious attachments

The use of malicious attachments will continue to increase in popularity. We have already seen scores of emails where the phishing content was included in an HTML or PDF attachment, leaving the email body copy empty or with very minimal text. We suspect this behavior aims to evade machine learning-based analysis of body copy. Furthermore, we expect this type of attack to increase in 2025.
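As an added detection example (not Barracuda's code or tooling), the following Python heuristics flag two of the evasions described above: a QR code drawn from Unicode block glyphs in the message body, and an HTML or PDF attachment paired with an empty or near-empty body. The thresholds and the sample messages are constructed assumptions, not captured attacks.

```python
import email
from email import policy
from email.message import EmailMessage

# Unicode "Block Elements" (U+2580..U+259F): the glyphs used to draw a QR code as text
BLOCK_CHARS = {chr(c) for c in range(0x2580, 0x25A0)}
RISKY_TYPES = {"text/html", "application/pdf"}
RISKY_EXTS = (".html", ".htm", ".pdf")

def looks_like_text_qr(text, min_width=21, min_lines=10):
    """Heuristic: a run of lines made only of block glyphs and spaces. Width 21 is the
    smallest QR version; half-block glyphs pack two rows per line (assumed thresholds)."""
    rows = 0
    for line in text.splitlines():
        s = line.strip()
        if len(s) >= min_width and all(ch in BLOCK_CHARS or ch == " " for ch in s):
            rows += 1
    return rows >= min_lines

def risky_attachments(msg):
    """Names of HTML/PDF attachments, matched by declared type or file extension."""
    found = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() in RISKY_TYPES or name.endswith(RISKY_EXTS):
            found.append(name or part.get_content_type())
    return found

def flag_message(raw_bytes, min_body_chars=40):
    """Parse one raw RFC 5322 message and return the detection flags it raises."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    flags = []
    if looks_like_text_qr(text):
        flags.append("unicode-block-qr")
    if risky_attachments(msg) and len(text.strip()) < min_body_chars:
        flags.append("empty-body-with-html-or-pdf")
    return flags

def build_samples():
    """Constructed sample messages (not real captures) that exercise both heuristics."""
    qr = EmailMessage()  # body carries a pseudo-random block-glyph grid standing in for a QR code
    grid = "\n".join("".join("█▀▄ "[(r * 7 + c) % 4] for c in range(23)) for r in range(12))
    qr.set_content("Scan the code below:\n" + grid)
    att = EmailMessage()  # near-empty body, phishing content pushed into an HTML attachment
    att.set_content("Please see attached.")
    att.add_attachment("<html><body>placeholder</body></html>", subtype="html", filename="invoice.html")
    ok = EmailMessage()  # ordinary message, should raise nothing
    ok.set_content("Hi, are we still on for noon?")
    return {"qr": qr.as_bytes(), "attach": att.as_bytes(), "benign": ok.as_bytes()}
```

Both checks are cheap enough to run at the mail gateway, and they complement rather than replace body-text classifiers, which is exactly where these evasions are aimed.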

Personalized extortion

During 2024 we observed millions of extortion attacks targeting customers. In November, we reported how these attacks have evolved to threaten customers using Google Street View and photographs to show their home and street. In 2025, we expect extortion attacks to become even more personalized and demand higher payments.

AI with everything

Attackers will increasingly leverage AI, legitimate sites, and redirects to make their phishing attacks look as genuine as possible. With the help of AI, attackers can create even more convincing phishing emails that look exactly like legitimate communications. These will include personalized content and precise grammar. Attackers will also use human-like emotional appeals based on an analysis of the recipient’s social media and communication history.

Protection against evolving techniques

Phishing remains a powerful cyberthreat. It is relatively low-cost, low-skill, quick, and easy to implement, and it offers high potential success rates. Phishing techniques advanced significantly during 2024. We expect cyberattackers to continue refining their methods to circumvent traditional security measures, and to go further still, in 2025.

Our reports during 2024 show how phishing attacks are becoming more varied, opportunistic, and sophisticated. It is essential to have agile, innovative, multilayered defense strategies and foster a strong security culture to stay ahead of this ever-evolving threat.

This article was originally published at Barracuda Blog.

Posted by Ashok Sakthivel