A report from Darktrace found phishing is the threat actor’s preferred technique, with more than 30.4 million phishing emails observed in the organization’s customer fleet from December 2023 to December 2024. The report discovered threat actors are creating targeted, sophisticated emails to increase success rates of malicious campaigns.
Among the phishing emails detected in 2024:
- 70% were able to pass the DMARC authentication approach
- 55% bypassed all existing security measures before being detected
- 38% were spear-phishing attempts
- 32% utilized novel social engineering tactics (such as AI-generated text or QR codes)
Furthermore, threat actors were observed targeting third-party services commonly used in enterprises (such as QuickBooks, Adobe, and Microsoft SharePoint) to deploy phishing emails. When effectively exploiting the implicit trust in these platforms, malicious actors can bypass conventional defenses and increase phishing success rates.
The report also found that cybercrime-as-a-service (CaaS) threats, particularly ransomware-as-a-service (RaaS) and malware-as-a-service (MaaS), continue to be a threat. MaaS accounts for 57% of detected threats, representing a 17% increase from H1 2024.